– Mr. Cooper, a loan servicing giant, has resumed collecting monthly payments from mortgage borrowers after a precautionary shutdown due to a cybersecurity threat.
– It is unclear how many customers had their data exposed in the breach, as the company is still investigating.
– Mr. Cooper reassures customers that their banking information related to mortgage payments was not impacted.
– The company expects its loan originations systems to be fully operational soon and has already resumed buying mortgage servicing rights.
– The cyberattack is expected to result in additional vendor costs and have an impact on fourth-quarter revenue and expenses, but it is not expected to have a material impact on the company’s results of operations or financial condition.
– Despite the cyberattack, Mr. Cooper is still focused on its goal of building a $1 trillion mortgage servicing rights portfolio.
– The company’s mortgage origination business has been affected by rising mortgage rates, leading to a drop in loans funded.
– Mr. Cooper expects the operational impacts of the cyberattack to be limited to the fourth quarter.
– In the past, Mr. Cooper has faced other issues, such as a payment processing error that resulted in a $25 million penalty.
The verdict is in — the old way of doing business is over. Join us at Inman Connect New York Jan. 23-25, when together we’ll conquer today’s market challenges and prepare for tomorrow’s opportunities. Defy the market and bet big on your future.
Loan servicing giant Mr. Cooper has resumed collecting monthly payments from mortgage borrowers and also expects its loan originations systems to be “fully operational shortly” after a four-day “precautionary shutdown” to contain a cybersecurity threat that exposed the data of an unknown number of customers.
Mr. Cooper collects payments from more than 4 million homeowners on behalf of lenders and investors, but it’s unclear how many had their data exposed as the company continues to investigate a breach discovered on Halloween.
A preliminary analysis has revealed “that certain customer data was exposed, however it will require additional analysis to validate this finding and quantify the scope and type of any such exposure,” Mr. Cooper said in a report to investors Thursday.
“We continue to conduct a thorough investigation and have not reported the total customer impact number at this time,” a spokesperson for the company told Inman in a statement. “Any customer impact number reported in the media is speculation.”
On its website, Mr. Cooper is assuring its customers that it “does not store banking information related to mortgage payments on our systems. This information is hosted with a third-party provider and, based on the information we have to date, we do not believe it was affected by this incident. As a result, we do not believe that any of our customers’ banking information related to mortgage payments was impacted.”
After discovering on Oct. 31 that an unauthorized party had gained access to some of its internal systems, Mr. Cooper shut some systems down from Nov. 1 through Nov. 4, and many customers were unable to make payments or access their accounts, the company said.
The company says it restarted servicing operations on Saturday, Nov. 4, 2023, “to include taking customer calls and payments, remitting to investors, and onboarding new loans.”
Affected borrowers won’t be charged late fees, penalties or be subjected to negative credit reporting related to late payments as a result of the incident, the company said.
Mr. Cooper also originates mortgages, primarily by offering refinancing to homeowners it collects payments from. The company said Thursday that it expects its loan originations systems “to be fully operational shortly, following reestablishment of connectivity with vendors and agencies, and we have already resumed buying mortgage servicing rights.”
Mr. Cooper said it expects to rack up $5 million to $10 million in additional vendor costs as a result of the cyberattack, and that the precautionary shutdown of its systems will have an additional impact on fourth-quarter revenue and expenses.
While the full extent of remediation and legal expenses stemming from the cyberattack can’t yet be quantified, the company said it does “not believe the impact will be material to our results of operations or financial conditions.”
Quest for $1 trillion mortgage servicing portfolio
In the long run, the cyberattack may end up just being a bump in the road in Mr. Cooper’s quest to build a $1 trillion mortgage servicing rights (MSR) portfolio.
Dallas, Texas-based Mr. Cooper reported a $275 million third-quarter profit on Oct. 25, as pretax operating income from loan servicing grew by 65 percent from the previous quarter, to $301 million.
Having grown its MSR portfolio by 10 percent in the last year, Mr. Cooper was collecting payments from 4.29 million borrowers who owed $937 billion in outstanding mortgage debt as of Sept. 30.
“Our impressive performance, highlighted by rising return on equity, strong book value per share growth, robust capital and record liquidity, reflects the strength of our balanced business model,” Mr. Cooper Chairman and CEO Jay Bray said in an earnings announcement. “With our servicing portfolio now at $937 billion, Mr. Cooper’s consistent track record of growth has propelled us to the nation’s leading servicer, one step closer to achieving our $1 trillion target.”
Rising mortgage rates curb originations
Mr. Cooper generates most of its revenue from the fees it collects from investors and lenders for collecting mortgage payments on their behalf.
But it also originates mortgages through two channels: A direct-to-consumer channel, which offers refinancing to loan servicing clients, and a correspondent channel, which purchases or originates loans from mortgage bankers. Mr. Cooper’s origination business, which primarily serves homeowners seeking to refinance at a better rate, has dwindled as mortgage rates have climbed from historic 2021 lows.
During the third quarter, Mr. Cooper funded 12,468 loans totaling $3.4 billion, half through the direct-to-consumer channel and half through the correspondent channel. That represented an 11 percent drop from the previous quarter and a 40 percent drop from a year ago.
In reporting the impact of the cyberattack to investors Thursday, Mr. Cooper said that due to the precautionary shutdown of its systems it now expects its mortgage originations business will generate no pretax operating earnings during the fourth quarter, and could lose up to $10 million. The loan servicing business is now expected to generate fourth-quarter pretax operating earnings of $200 million to $210 million.
“However, we expect that such operational impacts will be limited to fourth quarter,” the company said.
In June, electronic payment processor ACI Worldwide Corp. agreed to pay a $25 million penalty to the Consumer Financial Protection Bureau (CFPB) to resolve allegations that its subsidiary ACI Payments Inc. accidentally initiated $2.3 billion in mortgage payments to Mr. Cooper from 500,000 homeowners’ bank accounts in April 2021. Mr. Cooper was an ACI client and was not accused of wrongdoing.
Get Inman’s Mortgage Brief Newsletter delivered right to your inbox. A weekly roundup of all the biggest news in the world of mortgages and closings delivered every Wednesday. Click here to subscribe.
Property Chomp's Take:
The recent cybersecurity threat faced by Mr. Cooper, a loan servicing giant, has highlighted the vulnerability of businesses in the digital age. The company was forced to shut down its systems for four days in order to contain the breach and assess the damage. While the full extent of the breach is still unknown, Mr. Cooper has resumed collecting monthly payments from mortgage borrowers and expects its loan originations systems to be fully operational shortly.
The breach, which was discovered on Halloween, exposed the data of an unknown number of customers. Mr. Cooper collects payments from over 4 million homeowners on behalf of lenders and investors, making it unclear how many individuals were affected. The company is currently conducting a thorough investigation to determine the scope and type of any exposed customer data.
In a report to investors, Mr. Cooper stated that while certain customer data was exposed, no banking information related to mortgage payments was stored on their systems. This information is hosted with a third-party provider, and based on the information available, it is believed to be unaffected by the breach.
The incident has had significant financial implications for Mr. Cooper. The company expects to incur $5 million to $10 million in additional vendor costs as a result of the cyberattack. The precautionary shutdown of its systems will also impact fourth-quarter revenue and expenses. However, Mr. Cooper does not believe that the cyberattack will have a material impact on its overall results of operations or financial condition.
Despite this setback, Mr. Cooper remains focused on its long-term goal of building a $1 trillion mortgage servicing rights (MSR) portfolio. The company reported a $275 million profit in the third quarter, with pretax operating income from loan servicing growing by 65 percent from the previous quarter. Mr. Cooper's MSR portfolio has grown by 10 percent in the past year, and it currently collects payments from 4.29 million borrowers who owe $937 billion in outstanding mortgage debt.
The cyberattack has affected Mr. Cooper's mortgage originations business, which has seen a decline due to rising mortgage rates. The company funded 12,468 loans totaling $3.4 billion in the third quarter, representing an 11 percent drop from the previous quarter and a 40 percent drop from a year ago. As a result of the precautionary shutdown, Mr. Cooper now expects its mortgage originations business to generate no pretax operating earnings in the fourth quarter and could potentially lose up to $10 million.
In the face of this challenge, Mr. Cooper remains optimistic about the future. The company expects the operational impacts of the cyberattack to be limited to the fourth quarter, and it is confident in its ability to bounce back. With a strong track record of growth and a focus on providing excellent service to its customers, Mr. Cooper is determined to overcome this setback and continue its journey towards becoming the nation's leading mortgage servicer.