Mr. Cooper Cyber Attack
Date: 7 February 2024
American Mortgage Lending Giant was hit by a cyber attack towards the end of last year. The company had to shut down IT systems including access to their online payment portal, creating quite a ruckus amongst customers who were unable to make their payments on time.
In about a week, however, the company managed to bring its payment facility online. Sadly, though, it turned out that data of 14.7 million customers had been exposed in this major breach of 2023.
This educational cyber attack timeline encapsulates what went wrong in the case of Mr. Cooper. We’ve organised the events chronologically and broken them down as The Incident, Its Impact and the Actions Taken by the organisation.
Download the Mr. Cooper Cyber Attack Timeline and Summary Image.
At Cyber Management Alliance, we regularly create educational cyber-attack timelines with the sole purpose of creating a historical perspective on cyber attacks, ransomware attacks and data breaches. As they say, life is too short to learn from your own experiences and these attack timelines help you learn how others were impacted and how they responded to the crisis situations.
You might also want to use these Attack Timelines as inspiration to create Cyber Attack Tabletop Exercise Scenarios for your business.
Disclaimer: This document has been created with the sole purpose of encouraging discourse on the subject of cybersecurity and good security practices. Our intention is not to defame any company, person or legal entity. Every piece of information mentioned herein is based on reports and data freely available online. Cyber Management Alliance neither takes credit nor any responsibility for the accuracy of any source or information shared herein.
About the Mr. Cooper Cyber Attack
The cyber attack on Mr. Cooper resulted in a breach of data of 14.7 million existing and past customers. The personal information included included names, addresses, phone numbers, Social Security numbers, dates of birth and bank account numbers.
As per ClassAction.org, Mr. Cooper is now facing a Class Action lawsuit. The 43-page lawsuit alleged that the highly sensitive information was stored in ‘inadequately protected’ servers. ClassAction.org said the case apparently argued that the “massive and preventable” Mr. Cooper data breach was a result of the company’s negligence in implementing reasonable cybersecurity protocols to protect the sensitive information in its care.
Apart from the legal repercussions, Mr. Cooper also faced significant backlash when its customers weren't able to make their mortgage payments online. Those who made payments just before the systems were shut down, didn’t receive confirmations, leading to consumer angst on social media.
Lessons Learned from the Mr. Cooper Attack
Before we dive into the lessons learned from the data breach at Mr. Cooper, let’s reiterate the fact that this could happen to any business. The fact that it happened to a mortgage servicing giant made the attack newsworthy. But several small and medium sized organisations face this fate pretty regularly.
While some customers shared their chagrin when Mr. Cooper systems went down, largely the organisation checked off the boxes when it came to Cyber Incident Response.
They notified customers and the regulatory authorities in time. They deployed containment measures and implemented necessary response protocols. Mr. Cooper also launched an investigation into the incident. And once it became apparent that 14.7 million customers had been impacted, the company offered two years of credit monitoring protections and a call line was created for this purpose.
One important lesson here is that proper Cyber Incident Response Plans and a strong Cybersecurity Policy can go a long way in mitigating very serious damage from cyber attacks. If you’re uncertain how to create your own cybersecurity documents, our Virtual Cyber Assistant services may just be the perfect solution.
Our cybersecurity consultants will help you create and/or review cybersecurity artefacts and Incident Response Playbooks that bolster your cyber resilience posture. They can also help you achieve regulatory and legal compliance and fulfil your cybersecurity goals across 280+ services in 15 domains.
The other important lesson is that no matter how confident you might feel in your cybersecurity posture, regular validation of your protocols and processes is indispensable. This can be achieved by conducting Cyber Attack Tabletop Exercises. It’s always advisable to hire an external expert facilitator for your cybersecurity drill. But if that’s not possible, you can use any of the free resources created by our cybersecurity experts:
- Top Cyber Tabletop Exercise Scenarios
- Cyber Tabletop Exercise PPT
- Cyber Tabletop Exercise Template
- Ransomware Incident Response Playbook
Disclaimer: This document has been created with the sole purpose of encouraging discourse on the subject of cybersecurity and good security practices. Our intention is not to defame any company, person or legal entity. Every piece of information mentioned herein is based on reports and data freely available online. Cyber Management Alliance neither takes credit nor any responsibility for the accuracy of any source or information shared herein.