Cybernews reports that major U.S. mortgage and loan firm Mr. Cooper had data from more than 2 million of its customers leaked as a result of an unsecured Google Cloud storage bucket.
Included in the open database were files containing personal data that may have been leveraged by Mr. Cooper to monitor "Paperless" feature adoption among its customers, with information on 2.7 million people found on documents containing names and phone numbers and details on 1.7 million individuals on files with names and emails, according to the Cybernews research team. Researchers also discovered that the database exposed the names and phone numbers of more than 500,000 customers of United Wholesale Mortgage, Lakeview, Veterans United, USAA, RightPath Servicing, Wintrust Mortgage, and Paddio. Such a leak follows Mr. Cooper's disclosure of a major data breach that impacted 14.6 million individuals but no link has been found between both incidents. "Since the leak was discovered after the company reported a significant data breach, it may show that the company's reaction to the incident was insufficient and failed to identify sensitive resources that needed proactive attention," said researchers.
Included in the open database were files containing personal data that may have been leveraged by Mr. Cooper to monitor "Paperless" feature adoption among its customers, with information on 2.7 million people found on documents containing names and phone numbers and details on 1.7 million individuals on files with names and emails, according to the Cybernews research team. Researchers also discovered that the database exposed the names and phone numbers of more than 500,000 customers of United Wholesale Mortgage, Lakeview, Veterans United, USAA, RightPath Servicing, Wintrust Mortgage, and Paddio. Such a leak follows Mr. Cooper's disclosure of a major data breach that impacted 14.6 million individuals but no link has been found between both incidents. "Since the leak was discovered after the company reported a significant data breach, it may show that the company's reaction to the incident was insufficient and failed to identify sensitive resources that needed proactive attention," said researchers.
