Information About the 2023 Mr. Cooper Cyber Incident

How We Are Protecting Your Data and Building Stronger Security

Over a two-day period, an unauthorized party gained access to files containing sensitive personal information of current and former customers. As a company that prides itself on safeguarding customer information, we immediately took action to resolve the situation and mitigate any potential risks to our valued clients.

The Incident: What We Discovered and How We Acted Quickly

As soon as the breach was identified, our IT and cybersecurity teams sprang into action. We discovered that the unauthorized access lasted for two days, during which sensitive customer data, such as names, addresses, and other personally identifiable information, was accessed. Importantly, our internal systems show no indication that financial information, such as mortgage payments or account numbers, was compromised during the incident.

We understand that any data breach can be alarming, and we want to assure our customers that we took immediate steps to contain the breach, investigate its scope, and take corrective actions. This included locking down affected systems, securing data from further exposure, and engaging law enforcement to investigate the matter further.

How We Responded: Ensuring the Security of Our Systems

At Mr. Cooper, we take data security seriously. As soon as we detected the breach, our focus was on minimizing the impact on our customers and ensuring that our systems were fully secured. Here’s a closer look at the steps we took to respond:

  1. Immediate Containment of the Breach
    The first priority was to stop further unauthorized access. Our IT team worked diligently to identify and isolate the affected systems, preventing the unauthorized party from accessing additional data. We also implemented additional security layers to prevent future breaches.
  2. Notification of Affected Customers
    Transparency is key to maintaining trust. Once we understood the scope of the breach, we notified all affected customers, providing them with information about what happened, how their data was affected, and the steps they should take to protect themselves. We wanted to make sure customers had the support they needed during this challenging time.
  3. Collaborating with Law Enforcement
    We immediately notified law enforcement agencies, who are currently investigating the breach. We are fully cooperating with them, providing all necessary information to help identify the individuals responsible for this incident. Our goal is to ensure those responsible are held accountable for this breach of trust.
  4. Enhancing Our Cybersecurity Measures
    While this breach was a serious incident, it has strengthened our resolve to protect your data. We’re not only fixing the immediate issue but are also taking steps to improve our cybersecurity infrastructure. This includes investing in next-generation threat detection systems, enhancing encryption protocols, and reviewing our internal security policies.

What We Are Doing to Prevent Future Incidents: Strengthening Cyber Defenses

The security of your personal information is our top priority, and we are taking every step to prevent future security breaches. The actions we are taking go beyond just fixing the immediate vulnerabilities; we are investing in the long-term security of our systems. Here are some of the steps we’re taking to ensure the integrity of our systems going forward:

  1. Deploying Advanced Cybersecurity Technologies
    Our cybersecurity infrastructure is being upgraded with the latest threat detection tools. We are deploying artificial intelligence (AI)-powered systems that monitor traffic and activity on our networks in real time, identifying potential threats before they can cause harm. These systems provide advanced protection by learning from emerging threats and adapting to evolving tactics used by cybercriminals.
  2. Strengthening Authentication and Access Controls
    We’re introducing stronger multi-factor authentication (MFA) across all of our platforms. This will provide an additional layer of security by requiring multiple forms of verification before anyone can access sensitive information. We are also implementing stricter access controls to ensure that only authorized personnel can access specific systems, reducing the risk of internal breaches.
  3. Regular Security Audits and Penetration Testing
    To stay ahead of cyber threats, we will conduct regular audits and penetration testing. These proactive measures will allow us to identify weaknesses in our security and address them before they can be exploited by cybercriminals. These tests simulate attacks to assess the effectiveness of our defenses and ensure we are prepared for any potential risks.
  4. Employee Training and Awareness
    As part of our ongoing commitment to security, we are enhancing our employee training programs to help every team member better understand cybersecurity threats. This includes phishing awareness, safe data handling practices, and identifying suspicious activity in the workplace. Our goal is to foster a culture of security where everyone plays a part in protecting customer data.

How We Are Supporting Affected Customers: Credit Monitoring and Identity Protection

We understand that our customers’ trust is the foundation of everything we do, and we are committed to helping those affected by this breach. As a result, we are offering comprehensive credit monitoring and identity protection services at no cost to any customer whose personal information may have been exposed during the breach.

Here’s how we’re supporting our customers:

  1. Free Credit Monitoring
    We are offering free credit monitoring services to all affected customers. These services will alert you to any suspicious activity on your credit report, including any new accounts opened in your name. This early warning system will help customers quickly identify and respond to potential identity theft.
  2. Identity Theft Insurance
    As part of our identity protection services, we are providing affected customers with identity theft insurance. This coverage will help mitigate the costs associated with identity theft, including legal fees and recovery costs, if your personal information is misused.
  3. Fraud Resolution Assistance
    In addition to credit monitoring and identity theft insurance, we are providing direct access to our fraud resolution specialists. These experts are available to assist customers with any concerns or questions they may have about protecting their identity or recovering from potential fraud.
  4. Steps for Personal Protection
    We’ve provided detailed steps for all affected customers on how to monitor their credit, spot signs of identity theft, and take action to safeguard their personal data. Customers are encouraged to regularly review their credit reports, set fraud alerts, and be vigilant against phishing scams or suspicious communications.

Building a Stronger Future: Our Promise to Customers

At Mr. Cooper, we take data privacy and cybersecurity seriously. While we regret that this breach occurred, we are using it as an opportunity to strengthen our cybersecurity infrastructure and improve our systems. The actions we are taking now will help us better protect your data in the future.

We want to reassure our customers that their trust is vital to us. We are committed to providing the highest level of protection for your sensitive information, and we will continue to work hard to prevent any future breaches. Your security is our priority, and we will remain transparent with our customers, providing ongoing updates as we make progress on improving our cybersecurity efforts.

Conclusion: Our Commitment to Protecting Your Data

While cybersecurity challenges are an unfortunate reality for companies across industries, Mr. Cooper is determined to rise above these challenges and build stronger defenses for the future. This incident has only reinforced our commitment to providing the best protection for your personal data.

We thank our customers for their patience and understanding during this time. We are confident that the steps we are taking now, combined with our ongoing commitment to cybersecurity, will ensure your information is better protected than ever before.

For affected customers, please visit our dedicated support page for more information on enrolling in credit monitoring services, getting identity protection assistance, or seeking further guidance on next steps.