top of page

4 Million Can’t Pay Mortgage Since Mr. Cooper Breach

Published: December 21, 2023 on our newsletter Security Fraud News & Alerts Newsletter.

More than four million Mr. Cooper mortgage customers found themselves locked out of the company’s website recently. Unable to log in, pay mortgages, or perform other transactions relating to Mr. Cooper’s services, customers were clueless until the company posted that a “cybersecurity incident” had taken place. Certain systems were “locked down” while they investigated the breach and advised customers to take steps to mitigate their own risk of data theft.

Formerly known as Nationstar Mortgage, Mr. Cooper is the largest non-bank mortgage service in the U.S., according to Forbes. Mr. Cooper posted the notice twelve days after the breach was discovered. The Dallas-based company worked with cybersecurity pros to find out how it happened and what information was compromised.

This incident isn’t a “get out of mortgage payment-free” card. Mortgage payments will still need to be paid. They assured customers would not experience any fees, penalties, or damaging credit reporting, and those with stolen data will be notified directly.

Smart and Secure To-Do’s

Mortgage lenders require data-rich customer profiles with physical and email addresses, phone numbers, Social Security numbers, and banking and payment information as just some of what’s stored. Mr. Cooper customers are rightly concerned about what of their PII ended up in the wrong hands. And rightly so.

Whether their PII was compromised or not, all customers should change their password immediately, making it a minimum of eight characters and a mix of letters, numbers, and symbols. Always enable two-factor authentication (2FA) when offered with any account, especially those holding sensitive PII. Also, be on the lookout for email and other phishing attempts. Cybercriminals use hijacked PII to convince a target the scam is legitimate. Remember, being victimized once by data theft can mean you’ll be targeted again (and again) with your stolen data.

Every data breach is a sad reminder that we can’t always count on our PII being protected by the companies who use it. A healthy dose of common sense and cyber-smarts are needed to keep safe when the next business fails in keeping our data secure. That, you can count on.

Want to schedule a conversation? Please email us at

bottom of page