Flagstar Bank Breach Exposes 837,000 Customers’ Data
Flagstar Bank, a prominent American financial institution, has fallen victim to a data breach, exposing the personal information of more than 800,000 of its US customers. This marks the third data breach incident for the bank in just over two years. According to Maine’s data breach portal, the stolen data includes sensitive information, such as customer names and Social Security numbers.
Flagstar Bank, headquartered in Troy, Michigan, and a wholly owned subsidiary of New York Community Bank, is a significant player in the US residential mortgage servicing industry. The breach, however, did not directly target Flagstar Bank itself. Instead, it originated from a breach at a third-party service provider, Fiserv, which offers payment processing and mobile banking services to the bank. Fiserv was a victim of the large-scale MOVEit campaign orchestrated by the Russia-linked ransomware group known as Cl0p.
According to the bank’s breach notification sent to affected customers, the unauthorized activity occurred between May 27 and May 31, 2023. During this period, threat actors accessed files transferred via Fiserv’s MOVEit software, including customer data belonging to Flagstar Bank and related institutions.
The bank emphasized that the MOVEit flaw did not compromise any of its own systems and did not affect its ability to provide services to its customers. Nevertheless, the breach underscores that even third-party service providers and their vulnerabilities can directly impact client organizations and their customers.
Flagstar Bank has taken steps to address the breach’s impact on its customers. They have offered affected individuals complimentary identity monitoring services and have advised them to remain vigilant and closely monitor their credit history.
This significant breach serves as a reminder of the ongoing threats faced by organizations in the financial sector, and the need for robust cybersecurity measures to stop sensitive customer data from falling into the wrong hands.