Data security

The lender didn't reveal whether the incident was related to a purported ransomware gang attack last March.

In a new filing with the Securities and Exchange Commission, the company attributed delayed transactions, loss of business to other providers and one-time expenses to reduced revenue but expected a limited effect on financial health.

Most of the legal filings accuse the title insurer and its subsidiary, LoanCare, of failing to protect the personal identifiable information of customers.

The lender had taken certain systems offline and was working to restore business operations as of Monday morning.

The company's latest filing provided a brief timeline of the incident that was uncovered on Dec. 20.

The title insurer said its title data and property records research tools have been restored, as well as its warranty site.

In a filing, the company's subservicing subsidiary Loancare said 1.3 million customers had their data compromised, while in an ongoing situation, customers of fellow title insurer First American find themselves without email or online access after a separate incident last week.

The title company was also attacked in 2019 and joins Fidelity National and Mr. Cooper among recent victims.

Both past and present customers were impacted by the data breach.

Lawyers for the plaintiff maintain the companies should have been on notice of inadequate security measures after a reported data breach in 2022.

To make amends to former and current borrowers, Mr. Cooper is footing the bill for two years of complimentary identity protection services.

An increase in paper mail theft corresponds with a rise in physically altered checks that redirect funds to fraudsters.

While ransomware group Alphv/Blackcat claims to have orchestrated the incident, title insurance company Fidelity National Financial has not yet stated whether confidential data was compromised.

To date, all of the lawsuits accuse the servicer of failing to secure and safeguard customers personal identifiable information.

Also, Wells Fargo, Finance of America entered into partnerships affecting real estate tax and cybersecurity solutions.

At least two legal actions have been filed in a Texas federal court.

Some of the lender's servicing systems continue to be shutdown as of Wednesday.

Some of the lender and servicer's systems are offline following the attack on Oct. 31.

The order follows a similar decree by the Securities and Exchange Commission for publicly traded firms to disclose incidents they deem "material."

The types of attacks ranged from malware, phishing and a zero-day hack of a vendor software which has rattled numerous bank and non-bank lenders.