Mr. Cooper hit with second lawsuit over massive mortgage loan data breach – The Dallas Morning News

4 minutes, 38 seconds Read

Mortgage loan giant Mr. Cooper is facing a second class-action lawsuit after hackers stole the personal information of 14.6 million customers in late 2023.

The latest lawsuit, filed Dec. 22 in federal court in Dallas, accused the Coppell company of being careless with its security of customer information. The lawsuit seeks monetary damages and improvements to the company’s security protocol.

Mr. Cooper is one of the largest residential mortgage servicers in the U.S., serving 4.3 million customers with a combined unpaid principal balance of $870 billion. It’s also one of the 20 largest mortgage originators, funding $28 billion in loans in 2022.

Advertisement

Representatives from Mr. Cooper declined to comment on the lawsuit. Its chairman and CEO Jay Bray apologized to customers in a statement shortly before the new lawsuit was filed.

Business Briefing

Become a business insider with the latest news.

“We take our role as a mortgage company very seriously, and there is nothing more important to us than maintaining our customers’ trust,” he said. “I want you to know how sorry I am for any concern or frustration this may have caused. Making the homeownership journey as smooth as possible is our top priority, and we intend to make this right for our customers.”

Read more D-FW real estate news

Foxtrot plans to reopen at least 2 Dallas shops, co-founder says

After Foxtrot’s dramatic closure of coffee shops across Dallas in April 2024 — a move so sudden that customers and employees were told to leave in the middle of the business day — company Foxtrot co-founder Mike LaVitola told The Dallas Morning News that he expects to reopen at least two of the four locations in North Texas.

BNSF sues Gunter, setting up legal battle for logistics center

BNSF has pushed forward with its lawsuit against Gunter and its city council members as the two grapple for control over 900 acres in the area.

‘Traffic hell’ or ‘the heart’ of Far North Dallas? The fight over Pepper Square

There could be a bitter zoning battle in Far North Dallas over the future of the Pepper Square shopping center. Developer Henry S. Miller wants to add 1,550 apartments, while residents don’t want a single unit.
Advertisement

The data breach, which occurred between Oct. 30 and Nov. 1, compromised customer names, addresses, phone numbers, email addresses, Social Security numbers, dates of birth and bank account numbers, according to the lawsuit. Mr. Cooper said nearly all of its current and former customers were affected.

The suit alleged hackers could use the information to open new financial accounts, take out loans, file fraudulent tax returns and obtain medical records and government benefits under customers’ names.

Though no specific case of those crimes has been reported, the suit said customers “face a substantial risk of imminent and certainly impending harm.” It’s a problem that could haunt them for years if batches of info get sold on the black market, the suit said.

Advertisement

However, a lack of identity theft examples will weaken the class action’s case, said Sari Mazzurco, assistant professor of law at Southern Methodist University’s Dedman School of Law.

“Courts have a problem with letting suits proceed when there hasn’t been actual concrete harm,” she said. “I think it’s actually a really weak suit, as it’s written now. They might be able to amend it and show some details. But as of now, Mr. Cooper actually has a pretty strong argument that the case should be dismissed because there haven’t been any examples of concrete harm.”

In a regulatory filing last month, Mr. Cooper said it set aside $25 million for vendor expenses in the fourth quarter to deal with the fallout. That includes the cost of providing identity protection services to customers for two years.

“Our forensic review, engagement with law enforcement and regulators, and defense of litigation is ongoing,” the filing said. “We are in the process of reaching out to customers with instructions on how to sign up for these complimentary services and how to contact us with questions.”

In December 2023, Home Care Providers of Texas agreed to a $1.4 million settlement for a similar data breach in 2022 that affected 124,363 people. People who were affected are eligible to receive up to $5,000 in reimbursement for losses such as fraudulent expenses on credit cards and up to $125 for personal time lost in trying to resolve the matter.

The new lawsuit against Mr. Cooper doesn’t mention how many members are a part of the class action. But with 14.6 million people affected nationwide, Mr. Cooper could be looking at settlements reaching above $1 billion by the time legal actions are resolved, Mazzurco said.

“Because of the HCPT case and recent finalization of the settlement, I think it’s possible that it will give Mr. Cooper an indication that they need to follow toward the same path of settling,” she said. “I’d imagine they want to settle and put this behind them quickly. It would probably be a smaller amount than the expense they’d incur litigating the case in court.”

Advertisement

Fighting the lawsuits also could be risky for the company, said John Gunn, CEO of computer and network security company Token.

“The fundamental best practices will be examined, like did they apply all the latest patches and updates, are they using the newest multifactor authentication and did they encrypt all their data all the time?” he said. “If the answer to any of these questions is no, you’d rather be the plaintiff than the company being sued.”

This post was originally published on 3rd party site mentioned in the title of this site

Similar Posts