Mr. Cooper hit with second class-action suit related to data breach

Cyber attack exposed 14.6 million customers’ personal information

Mr. Cooper Hit With Second Lawsuit Related to Data Breach
Mr. Cooper’s Jay Bray and Chris Marshall (Illustration by The Real Deal with Getty, Mr Cooper Group)

Mortgage loan giant Mr. Cooper is grappling with a second class-action lawsuit after a significant data breach compromised 14.6 million customers’ personal information late last year. 

The lawsuit accuses Mr. Cooper of neglecting its responsibility to secure customer information, while seeking financial compensation and mandates for enhanced security measures, the Dallas Morning News reported. The lawsuit was filed in a Dallas federal court on Dec. 22.

Mr. Cooper, a major player in the U.S. residential mortgage sector, services 4.3 million customers with an outstanding balance totaling $870 billion. 

“I want you to know how sorry I am for any concern or frustration this may have caused,” Mr. Cooper CEO Jay Bray said in a statement. “Making the homeownership journey as smooth as possible is our top priority, and we intend to make this right for our customers.”

The breach, which transpired between Oct. 30 and Nov. 1, exposed sensitive data including names, addresses, Social Security numbers and bank account details. While no reported incidents of identity theft have emerged, the lawsuit highlights potential risks such as fraudulent financial activities and misuse of personal information. 

The lawsuit’s viability could be compromised without concrete evidence of harm, said Sari Mazzurco, an assistant professor of law at Southern Methodist University.

Sign Up for the undefined Newsletter

By signing up, you agree to TheRealDeal Terms of Use and acknowledge the data practices in our Privacy Policy.

In a recent regulatory filing, Mr. Cooper allocated $25 million to address fallout expenses, including identity protection services for affected customers over two years. This response aligns with the company’s ongoing collaboration with law enforcement, regulators and litigation defense efforts.

In a separate case, Home Care Providers of Texas settled a 2022 data breach, which affected over 124,000 people, for $1.4 million. Drawing parallels, Mazzurco speculated that Mr. Cooper might consider a settlement strategy, potentially exceeding $1 billion, given the sheer scale of affected customers. 

“I’d imagine they want to settle and put this behind them quickly,” she told the outlet. “It would probably be a smaller amount than the expense they’d incur litigating the case in court.”

—Quinn Donoghue 

Read more