Breach taxonomy
Summary
On October 31, 2023, Mr. Cooper Group discovered that an unauthorized third party had gained access to certain of its technology systems. The company deployed containment measures, including shutting down certain systems. A subsequent amendment confirmed that personal information of substantially all current and former customers was obtained, with fourth-quarter remediation vendor costs updated to $25 million. Mr. Cooper offered two years of complimentary identity protection and credit monitoring to all current and former customers. The incident was filed under Item 8.01; the company initially determined that it was not material.
Tagging rationale
Threat: Unknown
Filing does not attribute the incident to a specific actor → UNKNOWN.
Methods: Data Exfil
Unauthorized third party accessed technology systems and exfiltrated customer personal information → DATA-EXFIL.
Assets: Personal Data
A subsequent amendment confirmed personal information of substantially all current and former customers was obtained from company systems → PERSONAL-DATA.
Effects: Biz Interruption, Info Privacy Loss
Systems were shut down as containment measure (BIZ-INTERRUPTION); personal information of substantially all customers was obtained (INFO-PRIVACY-LOSS).
Business continuity: Partial
Filing states the company deployed containment measures and shut down certain systems; investigation ongoing at time of initial filing → Partial.
Impact
PII of substantially all Mr. Cooper customers obtained (millions of mortgage customers); $25M in remediation costs; company offered identity protection services to all customers → score 3.
Insurance: Not disclosed
Filing makes no mention of insurance → null.
Original SEC filing excerpt
Item 8.01 Other Events
On October 31, 2023, Mr. Cooper Group Inc. (the Company) determined that the Company had experienced a cybersecurity incident in which an unauthorized third party gained access to certain technology systems. Following detection of the incident, the Company initiated response protocols, including deploying containment measures to protect systems and data and shutting down certain systems as a precautionary measure. The Company launched an investigation with assistance from leading cybersecurity experts and notified law enforcement. While the Company's investigation is ongoing, based on information currently known, the Company does not believe this incident will have a material adverse effect on its business, operations or financial results.