Connect with us

Hi, what are you looking for?

Tech & Science

Major mortgage provider struck by cyberattack

The banking and financial services industry remains a top target for cyberattacks.

The number of hacks has been increasing worldwide. — © AFP/File Noel Celis
The number of hacks has been increasing worldwide. — © AFP/File Noel Celis

Mortgage giant Mr. Cooper has just disclosed that the information of nearly 14.7 million people was accessed in an October 2023 cyberattack. Following this news, Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, looks into what has gone wrong with this trusted firm.

According to Mr. Cooper: “that personal information relating to substantially all of our current and former customers was obtained from our systems during this incident. To assist our customers, we will offer complimentary identity protection services, including credit monitoring, to all of our current and former customers for two years.”

Costis begins by setting the scene, especially for non-U.S. residents, as to the significance of the firm: “Mr. Cooper, the largest nonbank mortgage service in the United States has disclosed that the information of nearly 14.7 million people was breached during an October cyberattack.”

In terms of what types of information has been impacted, Costis explains: “The personally identifiable information (PII) accessed included social security numbers and bank information. Though the company did not disclose if this was a ransomware attack, they continue to monitor the dark web for any leaked data.”

Typical street scene. Image (C) Tim Sandle

As to what is being done to redress this significant incident, Costis finds: “In response to the breach, the company is offering all affected customers two years of credit monitoring as well as alternative options for loan repayment.”

The sector as a whole remains relatively vulnerable to these forms of cyber-incident. Costis evidences: “Just weeks after the FTC mandated 30-day breach reporting for non-banking financial institutions, Mr. Cooper was hit by this cyberattack, serving as a stark reminder of the vulnerability of these institutions to cybercrime and the urgency of cybersecurity measures in this sector.”

Meanwhile finance remains vulnerable, as Costis points out: “The banking and financial services industry remains a top target for cyberattacks. For organizations like Mr. Cooper, with millions of customers, a single breach can have devastating consequences.”

Despite the vulnerabilities there are measures that the business world can take to developed improved defences. Costis outlines these as: “To stay ahead, a proactive threat-informed cyber defence strategy is crucial. By studying the common tactics, techniques, and procedures (TTPs) used by threat actors, organizations can test their systems and align their security defences against these simulated attacks.”

Costis pits out another recommendation for financial institutions to consider: “Through continuous testing, you can evaluate any weaknesses in your defences before threat actors do, eliminating potential blind spots.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Life

If the government doesn’t think differently about the delivery, it could leave the poorest children and families far behind.

Business

What is clear is how companies can increasingly "leverage the value of that advert across multiple different platforms, not just TV. 

Business

The moves, which Beijing said were to safeguard national security, swiftly followed Washington's own curbs to hobble China's ability to make advanced computer chips...

World

Donald Trump doubled down Sunday on hard-line campaign pledges to impose trade tariffs and carry out mass deportations.