Flagstar Bank has disclosed a security incident that has resulted in the personal data exposure of up to 1.5 million customers.
As reported by Bleeping Computerthe data breach took place between December 3 and December 4, 2021.
The American financial organization is headquartered in Michigan and has more than 150 branches in Indiana, California, Wisconsin and Ohio, among others.
Flagstar Bank focuses on consumers and the enterprise, with approximately $23.2 billion in assets. Flagstar Bank is a subsidiary of Flagstar Bancorp, listed on the NYSE as FBC.
The company said in a security statement that the incident involved “unauthorized access” to the bank’s network.
“In response, Flagstar took immediate steps to secure its area and investigate the incident with the help of outside forensic experts,” Flagstar said.
On June 2, Flagstar’s investigators concluded that information from more than 1.5 million customers were either approached or stolen from the Flagstar network.
According to the organization, there is no evidence that this data was leaked, sold or otherwise misused.
“Since then, we have taken several measures to strengthen our information security. We now believe that we have strengthened processes and systems in a way that should reduce our cyber vulnerabilities in the future,” the company said:†
When a data breach occurs at a large company, a standard step now being taken is to offer affected customers free credit monitoring services. Flagstar Bank has chosen to go this route and anyone notified of the potential leak of their personal information will be offered two years of free monitoring by Kroll.
“Our sincere apologies for any inconvenience this has caused you,” said Flagstar Bank. “We remain fully committed to preserving the privacy of personal information in our possession and have taken many precautions to protect it.”
This is the second security vulnerability to affect Flagstar in just over a year.
In March 2021, the company, customer of Accellion, was influenced by a security incident caused by a zero-day vulnerability in Accellion’s file-sharing platform, File Transfer Appliance (FTA). This flaw allowed an unauthorized party to access some of Flagstar’s information on the Accellion platform.
Flagstar said operating the FTA apparatus could have resulted in customer PII exposure and affected customers would receive free credit monitoring.
ZDNet has reached out to Flagstar Bank with additional questions and we will update when we hear back.
Previous and related coverage
Do you have a tip? Safe contact via WhatsApp | Signal on +447713 025 499