The Flagstar Bank published an advisory regarding a data breach incident where hackers got ahold of the personal data of its 1.5 million customers during a cyberattack last year. Flagstar is a Michigan-based financial services provider and one of the biggest banks in the United States. Reports stated that the bank’s current total assets are more than $30 billion.
According to the published statement by the bank, Flagstar suffered a security breach in December last year, where the adversaries breached the bank’s corporate network. The investigation revealed that the threat actors obtained sensitive details such as social security numbers and customers’ full names.
The bank also stated that upon learning about the incident, they immediately launched an incident response plan, hired cybersecurity professionals, and updated federal law enforcement.
Fortunately, the bank indicated no signs of stolen information that the hackers misused. However, they still want to advise everyone since there should be an applied caution during these times.
Flagstar Bank has been keen on taking care of its customers despite experiencing such an attack.
Reports said Flagstar Bank would provide free identity monitoring and protective services for individuals impacted by the attack for a couple of years. There is also circulating information that the data breach affected 1,547,169 individuals in the United States.
The bank has not responded to any inquiries by other entities as this has not yet reached its conclusion.
This event is the second security incident that affected Flagstar Bank and its customers in under a year. January last year, the Clop ransomware gang breached Flagstar’s servers by exploiting a zero-day flaw in Accellion servers.
Last year’s data breach by the hackers resulted in Flagstar Bank being extorted by Clop since its customers’ data were stolen and exposed to cybercriminals. The recent exposure led to the bank’s decision to cut ties with the Accellion platform.
The compromised data samples include names, tax records, phone numbers, social security numbers, and addresses. Researchers then displayed the information on Clop ransomware’s data leak site.