Mr. Cooper Group announced on Thursday that certain systems it locked down in early November after a cyberattack have resumed operations. Still, the incident will bring additional costs to the company in the fourth quarter.
On Oct. 31, Dallas-based Mr. Cooper disclosed that it had experienced a cybersecurity incident. An unauthorized third party accessed certain of its technology systems and customer data. The lender and servicer informed law enforcement, regulatory authorities and other stakeholders.
“Following detection of this incident, the Company initiated response protocols that included deploying containment measures involving shutting down certain systems as a precautionary measure,” Mr. Cooper said in an 8-K filing with the Securities and Exchange Commission (SEC). “Due to these and other measures, we believe we have contained the cyber threat.”
Servicing operations resumed on Nov. 4, with employees taking customer calls and payments, remitting to investors and onboarding new loans. The company has already resumed buying mortgage servicing rights (MSRs).
Mr. Cooper had 4.3 million customers and $937 billion in UPB at the end of September. It aims to reach $1 trillion in MSR, including via acquisitions.
Regarding its origination system, the company expects to “be fully operational shortly, following reestablishment of connectivity with vendors and agencies.”
Customers could not make payments or access their accounts because the system was down from Nov. 1 to Nov. 4. Mr. Cooper said consumers will not be subject to late fees, penalties or negative credit reporting related to late payments.
Mr. Cooper funded $3.3 billion in origination volume in the third quarter of 2023.
The company estimates fourth-quarter earnings will include $5 to $10 million in additional vendor costs. At this time, however, it’s not possible to quantify the full extent of remediation and legal expenses.
The company expects pretax operating earnings between $0 and a loss of $10 million in its origination segment in the fourth quarter due to the shutdown of its systems.
Meanwhile, the servicing segment pretax operating earnings should be between $200 million and $210 million, excluding MSR mark-to-market net of hedges.
The cyberattack is not expected to have a “material” impact on the company's finances, Mr. Cooper said. In addition, operational impacts will be limited to the fourth quarter.
In late October, the Federal Trade Commission (FTC) announced that nonbank financial institutions, including mortgage brokers, motor vehicle dealers and payday lenders, must report certain data breaches and other security events.