With 4.3 million customers in its servicing portfolio and $937 billion in unpaid principal balance as of September, Mr. Cooper Group is facing federal class action lawsuits in Texas from customers.
On Oct. 31, Mr. Cooper became the target of a cyber security attack and it says it took immediate action to lock down its systems and keep its data safe. The system was not entirely restored until Nov. 12. During the lockdown, Mr. Cooper tried to reassure customers about their personal data.
"Mr. Cooper lost control over its customer’s highly sensitive Personal Information in a data breach perpetrated by cybercriminals," one lawsuit states. According to the complaint, the information exposed includes names, social security numbers, addresses, phone numbers, dates of birth, zip code, and state of residence.
The customers allege the Dallas-based mortgage servicer failed to adhere to industry standards for safeguarding the personally identifiable information of millions of individuals held within its systems.
A spokesperson for Mr. Cooper said the company does not comment on pending litigation.
The mortgage servicer faces allegations of negligence, breach of implied contract, unjust enrichment, and other claims.
In an update on its website, Mr. Cooper announced the partial resumption of its operations, with phone systems and its website back in service. The company pledged to investigate the extent of the information exposed and provide affected customers with complimentary credit monitoring services in the coming weeks.
While the company estimates that fourth-quarter earnings will bear additional vendor costs of $5 to $10 million, the full extent of remediation and legal expenses resulting from the cyberattack remains uncertain at this time.