Mortgage lender Mr Cooper has now admitted almost 14.7 million people's private information, including addresses and bank account numbers, were stolen in an earlier IT security breach, which is expected to cost the business at least $25 million to clean up.
In notifications filed with the US states of California and Maine on Friday, the mortgage giant revealed that scope of the cyberattack was much worse than it believed: highly personal records belonging to millions were snatched by one or more miscreants.
This personal information included people's names, addresses, phone numbers, Social Security numbers, dates of birth, and bank account numbers.
Those affected include anyone whose mortgage may have been previously acquired or serviced by Mr Cooper, Nationstar Mortgage LLC, Centex Home Equity, or another sister brand or servicing partner.
Anyone who previously applied for a home loan with any of these lenders may also be affected, we're told.
Mr Cooper was formerly known as Nationstar, and is based in Texas.
While the company says it has not seen any evidence that this data has been used for identity theft or fraud, Mr Cooper said it will continue to monitor the dark web for any evidence that the thieves are sharing, leaking, or otherwise misusing the stolen files.
Plus: All affected individuals will receive 24 months of free credit monitoring.
When asked about the breach, a Mr Cooper spokesperson referred The Register to a statement on the biz's website.
In addition to mailing out data breach notifications to millions of people, Mr Cooper also on Friday filed an updated Form 8-K with the US Securities and Exchange Commission and reported higher-than-expected costs related to the digital break in.
This Cyber News was published on go.theregister.com. Publication date: Mon, 18 Dec 2023 21:13:07 +0000