Major mortgage provider struck by cyberattack

Hacks have increased through the pandemic and the war in Ukraine. — © AFP/File Noel Celis

Mortgage giant Mr. Cooper has just disclosed that the information of nearly 14.7 million people was accessed in an October 2023 cyberattack. Following this news, Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, looks into what has gone wrong with this trusted firm.

According to Mr. Cooper: “that personal information relating to substantially all of our current and former customers was obtained from our systems during this incident. To assist our customers, we will offer complimentary identity protection services, including credit monitoring, to all of our current and former customers for two years.”

Costis begins by setting the scene, especially for non-U.S. residents, as to the significance of the firm: “Mr. Cooper, the largest nonbank mortgage service in the United States has disclosed that the information of nearly 14.7 million people was breached during an October cyberattack.”

In terms of what types of information has been impacted, Costis explains: “The personally identifiable information (PII) accessed included social security numbers and bank information. Though the company did not disclose if this was a ransomware attack, they continue to monitor the dark web for any leaked data.”

As to what is being done to redress this significant incident, Costis finds: “In response to the breach, the company is offering all affected customers two years of credit monitoring as well as alternative options for loan repayment.”

The sector as a whole remains relatively vulnerable to these forms of cyber-incident. Costis evidences: “Just weeks after the FTC mandated 30-day breach reporting for non-banking financial institutions, Mr. Cooper was hit by this cyberattack, serving as a stark reminder of the vulnerability of these institutions to cybercrime and the urgency of cybersecurity measures in this sector.”

Meanwhile finance remains vulnerable, as Costis points out: “The banking and financial services industry remains a top target for cyberattacks. For organizations like Mr. Cooper, with millions of customers, a single breach can have devastating consequences.”

Despite the vulnerabilities there are measures that the business world can take to developed improved defences. Costis outlines these as: “To stay ahead, a proactive threat-informed cyber defence strategy is crucial. By studying the common tactics, techniques, and procedures (TTPs) used by threat actors, organizations can test their systems and align their security defences against these simulated attacks.”

Costis pits out another recommendation for financial institutions to consider: “Through continuous testing, you can evaluate any weaknesses in your defences before threat actors do, eliminating potential blind spots.”