On its website, the company was posting as of Sunday, Nov. 5, “On October 31, Mr. Cooper became the target of a cyber security incident and took immediate steps to lock down our systems in order to keep your data safe. As of Nov. 3 at 5 pm CT, our systems remain locked down, and we are working on a resolution as quickly as possible. For the latest information, please visit https://incident.mrcooperinfo.com.”
The attack comes days after the mortgage servicing company reported third-quarter net income of $275 million on Oct. 25. After adjusting for mark-to-market and specific other factors, the company reported a pretax operating income of $249 million.
The company inadvertently may have painted a bull’s eye on its back. In addition to healthy third-quarter profits, company officials said during an earnings call it was the biggest and best. Chairman and CEO Jay Bray said during the call that Mr. Cooper Group is now the "industry's largest servicer. We are also the most efficient."
In a statement posted to its website, Mr. Cooper told customers, “Rest assured, you will not incur any fees, penalties or negative credit reporting related to late payments as we work to fix this issue.”
A company spokesperson said Monday, "At this time, we believe this cybersecurity incident was isolated to Mr. Cooper systems and technology and did not affect any of the company’s clients’ or partners’ systems or technology. Mr. Cooper customers and customers whose loans we service on behalf of our clients who have tried or need to make payments will not incur fees, penalties or negative credit reporting as we work to resolve this issue."
The website says rate locks will be honored, and the company will also comply with its close-on-time guarantee even while the system is down. According to the website, Mr. Cooper will cover a consumer’s first month’s mortgage payment (principal + interest) in the event of a delayed closing.