Mr. Cooper, the mortgage and loan giant with more than four million customers, has confirmed customer data was compromised during a recent cyberattack.
In an updated notice on its website published Thursday, Mr. Cooper said that it was “still investigating what data may have been exposed,” though it remains unclear what kind of cyberattack hit Mr. Cooper’s systems.
“Mr. Cooper does not store banking information related to mortgage payments on our systems. This information is hosted with a third-party provider and, based on the information we have to date, we do not believe it was affected by this incident,” the company added.
The notice said that the company plans to mail notices to affected customers “in the coming weeks.”
The outage affecting the mortgage and loan giant’s systems continues into its second week. Mr. Cooper said it was hit by a cyberattack on October 31, which it disclosed two days later. The company said it immediately shut down its systems to limit the cyberattack.
TechCrunch has heard from several customers affected by the cyberattack, who say they have been unable to log in to their accounts.
In a separate filing with the U.S. Securities and Exchange Commission, Mr. Cooper said it expects to incur up to $10 million in additional vendor costs during its fiscal fourth quarter, adding that it does not expect a material impact to its business.
Mr. Cooper spokesperson Christen Reyenga deferred our request for comment to a third-party public relations firm, which reiterated Mr. Cooper’s updated public statement, but did not answer our specific questions or say if the company has received any communication from the hackers. Mr. Cooper did not make CISO Scot Miller available for an interview, when requested by TechCrunch.
Do you work at Mr. Cooper and know more about the cyberattack? You can contact Zack Whittaker by email at zack.whittaker@techcrunch.com. You also can share files and documents with TechCrunch via our SecureDrop.