U.S. mortgage lending giant Mr. Cooper was breached in a cyberattack that caused the company to shut down IT systems, including access to their online payment portal. Mr. Cooper is a mortgage lending company based out of Dallas, Texas, that employs approximately 9,000 people and has 4.1 million customers. Yesterday, customers reported that they could not log in to Mr. Cooper's website to pay their mortgages or loans. "We are experiencing a system/technical outage, and we hope to resolve this soon," read a notice on Mr. Cooper's website. "Customers trying to make payments will not incur fees or any negative impacts as we work to fix this issue. We apologize for any inconvenience this may cause and will continue to provide regular updates." After contacting Mr. Cooper about the outages allegedly caused by a cyberattack, the company notified customers today that they suffered a cyberattack. "On October 31, 2023, Mr. Cooper determined that the company had experienced a cybersecurity incident in which an unauthorized third party gained access to certain technology systems," reads a notice of cyber security incident on Mr. Cooper's website. "Following detection of the incident, we initiated response protocols, including deploying containment measures to protect systems and data and shut down certain systems as a precautionary measure." Customers trying to make mortgage payments will be unable to do so while the systems are down. Mr. Cooper told BleepingComputer that they have begun notifying customers about the incident and promise not to charge any fees, penalties, or negative credit reporting related to late payments as they restore systems. "Customers who have tried or need to make payments will not incur fees, penalties or negative credit reporting as we work to resolve this issue," Mr. Cooper told BleepingComputer. The company says they are still investigating whether customer data was stolen and will notify impacted customers if any was exposed during the attack. While Mr. Cooper has not disclosed whether this is a ransomware attack, it bears all the signs of being one. If it turns out this was a ransomware attack, then it is likely that data was stolen to be used as leverage to get Mr. Cooper to pay a ransom demand. As Mr. Cooper holds sensitive information about customers, including financial information, customers should be vigilant against potential phishing attacks and identity theft. Kwik Trip finally confirms cyberattack was behind ongoing outage. American Family Insurance confirms cyberattack is behind IT outages. Cyberattack on health services provider impacts 5 Canadian hospitals. University of Michigan employee, student data stolen in cyberattack. International Criminal Court systems breached for cyber espionage.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000