Flagstar Bank, https://www.flagstar.com has recently disclosed a security incident that led to the exposure of personal data belonging to up to 1.5 million customers. According to cyber threat investigators, the data breach occurred between 3 December 3 and 4 December 2021. The US financial organization is headquartered in Michigan and operates over 150 branches in areas including Indiana, California, Wisconsin, and Ohio. Flagstar Bank serves both consumer and commercial businesses, holding $23.2 billion in assets. Flagstar Bank is a subsidiary of Flagstar Bancorp, listed on the NYSE as FBC.
The bank reported in a security notice that the incident involved "unauthorized access" to the bank's network. "In response, Flagstar promptly took steps to secure its environment and investigate the incident with the assistance of third-party forensic experts," Flagstar's spokesman stated. On 2 June 2022, Flagstar's investigators concluded that information belonging to over 1.5 million customers may have been affected by the breach.
There is no evidence that this data has been leaked, sold, or otherwise misused, according to the bank. "Since then, we have taken several measures to toughen our information security. We now believe we have strengthened processes and systems in a way that should reduce our cyber vulnerabilities in the future," the bank spokesman said.
The standard procedure when a data breach occurs at a major company, one of the first steps taken is to offer the impacted customers free credit-monitoring services. Flagstar Bank has chosen to take this route and anyone alerted to the possible leak of their personal information will be offered two years of free monitoring. "We sincerely apologize for any inconvenience this may have caused you," a Flagstar representative says. "We remain fully committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it."
This is the second security issue to strike Flagstar in just over a year. In March 2021, the bank, and Accellion customers, were impacted by a security incident caused by a zero-day vulnerability in Accellion's file-sharing platform, File Transfer Appliance (FTA). This flaw meant an unauthorized party was able to access some of Flagstar's information on the Accellion platform.
Accellion https://community.accellion.com a provider of hosted file transfer services, recently agreed to pay $8.1 million to settle a class-action lawsuit related to a data breach in December 2020. The lawsuit, filed in a California Federal Court, claims that Accellion failed to protect the sensitive information of millions of users after threat actors exploited a vulnerability in Accellion’s file transfer appliance (FTA).
Based in California, Accellion is a private cloud solutions company providing software for third-party secure file transfers. The data breach occurred due to a bug in Accellion’s file-sharing software, used by several organizations globally.
The data breach affected many Accellion clients. It impacted millions of users’ sensitive data such as names, birthdates, Social Security numbers, banking details, and medical and driver’s license information. The lawsuit stated that Accellion failed to identify vulnerabilities in its FTA platform and implement necessary data security measures to secure clients and use classified information.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs. com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings