Mr. Cooper Cybersecurity Incident Exposes Customer Data
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Mr. Cooper Group, one of the largest mortgage service providers in the US, revealed a security incident that is said to have compromised personal data of some of its customers.
The October 31 cyberattack not only allowed unauthorized actors gain access to the firm’s network, but also led to a disruption of services, particularly processing of customer payments.
In a public notice, the Texas-headquartered firm stated that upon discovery, an investigation was immediately launched to determine the nature and impact of the attack. Although the details remain unconfirmed, Mr. Cooper said that it will continue ‘’to investigate precisely what information was exposed,’’ and offer free credit monitoring services to impacted customers.
It also advised customers to monitor their bank accounts and credit reports and urged them to notify any suspicious or unauthorized activity immediately to the concerned bank.
As a precautionary measure, customers were advised to set up ‘fraud alert’ on their files with the credit bureaus for additional protection.
‘’You can also contact the three major credit bureaus to place a “fraud alert” on your file at no cost, which alerts creditors to contact you before they open a new credit account under your Social Security number. Additionally, you should update your passwords frequently and with increasing complexity and be mindful to not use the same password across multiple personal accounts,’’ the notification advised .
The mortgage provider assured customers that the attack would not result in any penalties or late fee payment charges.‘’As long as your November payment is received by the end of the month, you will not incur any fees, penalties or negative credit reporting related to late payments as we work to fix this issue.’’
Formerly Nationstar Mortgage LLC, the home loan service provider claims to have 4.3 million customers in the US, and is said to manage mortgages worth $937 billion by the end of Q3, 2023.
McLaren Health Care Data Breach Impacts Over 2.2 Million Individuals
- Written by Shipra Sanganeria Cybersecurity & Tech Writer
Michigan-based healthcare provider ,McLaren, confirmed the data breach incident, claimed last month by the notorious ransomware gang, BlackCat (also known as ALPHV).
First identified around August 22, 2023, the incident is said to have impacted more than 2.2 million people. Its discovery led to the launch of an investigation which revealed that unauthorized actors had infiltrated its system and accessed certain information stored therein, between July 28, and August 23, 2023.
The third-party assisted investigation of impacted files not only revealed the type of information stolen but also the level of exposure suffered by impacted individuals. ‘’It was through this process, which concluded on October 10, 2023, that we determined that information pertaining to you may have been included in the potentially impacted files,’’ the notification revealed .
The information which varied by individuals included the names, social security numbers, birth, and health insurance details. Medical records like physician, medication, diagnosis, treatment, Medicare/Medicaid, and billing or claims information, as well as medical record number.
McLaren Health Care stated that no evidence was found of any misuse of stolen data by the hackers. However, one cannot negate the possibility of the data being sold on the dark web for nefarious purposes including, identity theft, phishing attacks, insurance, or medical frauds, etc.
In addition to securing its network, the healthcare provider has informed the concerned US authorities and notified the impacted people through emails about the incident. It is also offering a 12-month free identity theft protection services through IDX to the concerned individuals.
‘’While there is currently no evidence that your information has been misused, we recommend that you remain vigilant, monitor and review all of your financial and account statements and explanations of benefits, and report any unusual activity to the institution of record and to law enforcement,’’ McLaren advised.
The breach first came to notice when ALPHV claimed responsibility for the attack in the first week of October, and published sample data sets on its blog.
