Mr. Cooper's cybersecurity incident may impact its creditworthiness, Moody's says

It has been over a week since Mr. Cooper experienced a cybersecurity incident impacting its servicing systems. Some of its infrastructure continues to be shut down as of Wednesday, though the company is making strides to restore its systems.

The mortgage lender, as of Nov. 6, announced it is now able to take payments from borrowers and "provide limited information" regarding a loan on its website, though the information available reflects a consumer's loan status as of Oct. 31.

"We are working diligently to restore the remaining services and will continue to provide updates as they become available," the lender wrote on its website. The magnitude of the attack and how long Mr. Cooper's systems will be locked down might impact the lender's credit quality, according to Moody's Investors Service.

"The cyberattack against Mr. Cooper, which blocked millions of customers from making payments and processing mortgage transactions, is credit negative, said Stephen Lynch, vice president and senior credit officer for Moody's. "The full impact of the event will depend on duration of the disruptions, ensuing potential reputational damage, and magnitude of the breach."

Moody's noted it is monitoring how the incident will impact the lender's outstanding servicer quality assessments and approximately 450 RMBS transactions serviced by Mr. Cooper.

The cyberattack has also prevented loan activity reporting to investors.

Both Fannie Mae and Freddie Mac published statements Monday informing the public that they did not receive loan activity reporting, which includes loan payoffs and payments corrections, from the lender because of the breach.

"When servicers do not report loan activity to us, we distribute scheduled principal and interest to mortgage-backed securities certificate holders," Fannie Mae wrote in a statement. "As a result, any prepayments that were received by Mr. Cooper but were not reported to us related to October loan activity will be distributed to MBS certificate holders on the first distribution date that follows our receipt and reconciliation of the required prepayment information from Mr. Cooper."

According to Mr. Cooper's initial disclosure of the cybersecurity attack, customers were immediately alerted of this issue and those "who have tried or need to make payments will not incur fees, penalties or negative credit reporting as we work to resolve this issue." The incident took place on Oct. 31.

"We value our customers and take their data privacy very seriously, and we have launched an investigation with assistance from leading cybersecurity experts and notified law enforcement," a company spokeswoman said.

The attack coincides with a number of other cybersecurity incidents hitting the mortgage industry of late. Earlier this year, companies such as Planet Home Lending and Mutual of Omaha Mortgage disclosed that they were impacted by attacks that compromised the personally identifiable information of consumers. 

Reporting these types of instances will be mandated for mortgage shops early next year as the Federal Trade Commission Friday voted unanimously in October to approve an amendment to its Safeguards Rule to include nonbank financial institutions.