One of the largest mortgage providers in the US has revealed that an October breach has impacted 14.7 million customers.
Mr Cooper (formerly Nationstar Mortgage) discovered suspicious activity on its network on October 31 and subsequently shut down its systems to contain the incident and safeguard data.
“Through our investigation, we determined that there was unauthorized access to certain of our systems between October 30, 2023 and November 1, 2023. During this period, we identified that files containing personal information were obtained by an unauthorized party,” it explained in a note on its website.
Now a data breach notification filed with the Office of the Maine Attorney General has revealed more details. Aside from the 14,690,284 customers affected, it reveals that names, addresses, phone numbers, Social Security numbers, dates of birth and bank account numbers have been taken.
Read more on data breaches: US Smashes Annual Data Breach Record With Three Months Left
That’s a significant quantity of sensitive personally identifiable and financial information that could be highly monetizable to identity fraudsters.
“Upon learning of this incident, we immediately took steps to identify and remediate it, including locking down our systems, changing account passwords, and restoring our systems. We initiated a detailed review to identify personal information contained in the impacted files as part of the incident,” Mr Cooper explained in the notice.
“We are monitoring the dark web and have not seen any evidence that the data related to this incident has been further shared, published, or otherwise misused. We are also further enhancing the security of our systems to help prevent incidents like this from happening in the future.”
No ransomware groups have thus far taken responsibility for the breach.
Customers affected by the incident are urged to enroll in free identity protection services provided by the company. Mr Cooper claims to be the third-largest mortgage servicer in the US.