Mr. Cooper Group’s examination of the cyberattack it suffered in late October concluded that the personal information of current and former customers was compromised. The data breach led the company to estimate an additional vendor cost related to the incident in the fourth quarter to include offering identity protection services for two years.
On Oct. 31, the Dallas-based servicer and lender said it had experienced a cybersecurity incident with an unauthorized third party accessing certain portions of its technology systems and customer data. Mr. Cooper restarted servicing operations on Nov. 4 by taking customer calls and payments, remitting to investors and onboarding new loans.
On Friday morning, the company announced in a new 8k filing with the Securities and Exchange Commission (SEC) that its “forensic review has determined that personal information relating to substantially all of our current and former customers was obtained from our systems during this incident.”
Mr. Cooper had 4.3 million customers by the end of Sept. 30.
“To assist our customers, we will offer complimentary identity protection services, including credit monitoring, to all of our current and former customers for two years,” Mr. Cooper added in the document. “We are in the process of reaching out to customers with instructions on how to sign up for these complimentary services and how to contact us with questions.”
The initiative will add to Mr. Cooper’s costs. The company’s guidance for the fourth quarter will now include vendor expenses related to that incident of $25 million, compared to their previous estimate between $5 million and $10 million. The company included an accrual for the cost of providing identity protection services for two years.
Meanwhile, the company maintained its forecast for Q4 originations segment pretax operating earnings between $0 and a $10 million loss. The pretax operating earnings for the servicing segment is expected to be from $200 million to $210 million (excluding mortgage servicing rights mark-to-market net of hedges.)
Mr. Cooper delivered $275 million in net income in the third quarter, compared to $142 million in the second quarter. The company’s funded volume reached $3.3 billion from July to September. Its servicing portfolio was at $937 billion in UPB at the end of September.
Forensic review of the cyberattack, engagement with law enforcement and regulators, and litigation defense are ongoing. Due to the incident, several customers filed class-action lawsuits against the company, claiming Mr. Cooper failed to comply with industry standards to protect their information.
No Comments yet!