Connect with us

Hi, what are you looking for?

Tech & Science

Major mortgage provider struck by cyberattack

The banking and financial services industry remains a top target for cyberattacks.

Hacks have increased through the pandemic and the war in Ukraine. — © AFP/File Noel Celis
Hacks have increased through the pandemic and the war in Ukraine. — © AFP/File Noel Celis

Mortgage giant Mr. Cooper has just disclosed that the information of nearly 14.7 million people was accessed in an October 2023 cyberattack. Following this news, Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, looks into what has gone wrong with this trusted firm.

According to Mr. Cooper: “that personal information relating to substantially all of our current and former customers was obtained from our systems during this incident. To assist our customers, we will offer complimentary identity protection services, including credit monitoring, to all of our current and former customers for two years.”

Costis begins by setting the scene, especially for non-U.S. residents, as to the significance of the firm: “Mr. Cooper, the largest nonbank mortgage service in the United States has disclosed that the information of nearly 14.7 million people was breached during an October cyberattack.”

In terms of what types of information has been impacted, Costis explains: “The personally identifiable information (PII) accessed included social security numbers and bank information. Though the company did not disclose if this was a ransomware attack, they continue to monitor the dark web for any leaked data.”

Typical street scene. Image (C) Tim Sandle

As to what is being done to redress this significant incident, Costis finds: “In response to the breach, the company is offering all affected customers two years of credit monitoring as well as alternative options for loan repayment.”

The sector as a whole remains relatively vulnerable to these forms of cyber-incident. Costis evidences: “Just weeks after the FTC mandated 30-day breach reporting for non-banking financial institutions, Mr. Cooper was hit by this cyberattack, serving as a stark reminder of the vulnerability of these institutions to cybercrime and the urgency of cybersecurity measures in this sector.”

Meanwhile finance remains vulnerable, as Costis points out: “The banking and financial services industry remains a top target for cyberattacks. For organizations like Mr. Cooper, with millions of customers, a single breach can have devastating consequences.”

Despite the vulnerabilities there are measures that the business world can take to developed improved defences. Costis outlines these as: “To stay ahead, a proactive threat-informed cyber defence strategy is crucial. By studying the common tactics, techniques, and procedures (TTPs) used by threat actors, organizations can test their systems and align their security defences against these simulated attacks.”

Costis pits out another recommendation for financial institutions to consider: “Through continuous testing, you can evaluate any weaknesses in your defences before threat actors do, eliminating potential blind spots.”

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

News

If this election turns into a random shooting war, things won’t end well for America.

World

As the bangs ran out, Trump clearly grimaced and clutched a hand to his right ear, on which blood could later be seen.

Entertainment

Swiss singer Nemo's 2024 Eurovision victory means Switzerland gets to host the glitzy TV extravaganza next year.

Sports

Catherine, Princess of Wales, will attend the Wimbledon Men's final in London on Sunday as she recovers after being diagnosed with cancer.