Flagstar Bank reveals a massive data breach in its banking system, a cyberattack from last year.
During a cyberattack in December, malicious hackers gained access to the personal information of more than a million Flagstar Bank customers. The bank is now informing its pool of customers regarding the breach.
According to BleepingComputer, the information that was provided to the Office of the Attorney General of Maine, the data breach affected 1,547,169 people throughout the United States.
Malicious threat actors broke into the corporate network of Flagstar Bank in December 2021, as indicated by the data breach notifications that were sent to customers whose information had been compromised, causing the bank to suffer a data breach.
Flagstar Banks's Data Breach
Flagstar Bank informed its customers through an email about the breach. The bank admitted that they had been a victim of a cyber attack that involved unauthorized access to their network. According to Flagstar Bank, they immediately took steps to protect its systems and looked into what happened with the help of forensic experts from outside the company.
The bank said that as soon as they found out about the incident, they immediately put their response plan into action, hired outside cybersecurity experts who had dealt with similar situations before, and notified federal law enforcement.
The bank found out about the data breach on June 2, 2022, after conducting a thorough forensic investigation and manually reviewing all of the bank's customer files, that between December 3, 2021 and December 4, 2021, certain impacted files were accessed and/or acquired from the bank's system.
These files contained personal information about the bank's customers. The financial institution has stated that they do not have any evidence at this time to suggest that any of the information has been misused.
Flagstar's Customer Mitigation
To compensate for the breach, the bank provided a tailored response and assistance to its affected customers. Flagstar Bank will provide security services to its customers for two years at no cost to them from the mitigation company Kroll.
Kroll is the industry leader in risk mitigation and response, and the team at this company has vast experience assisting individuals who have suffered unintended exposures of personal data.
Some of the services that are freely offered in compensation are identity monitoring, credit monitoring, fraud consultation, and restoring your identity after it has been stolen.
The services will provide numerous security protections to Flagstar Bank customers. Users will be able to receive notifications whenever there are changes made to their credit data and will have unrestricted access to consultations with Kroll fraud specialists as a result of this feature.
Also, if one of their customers is a victim of identity theft, a licensed and experienced investigator from Kroll will work on your behalf to solve any problems that come up as a result.
Flagstar Bank's Previous Cyberattack
Within the past year, this is the second significant security breach that has affected Flagstar and its clients. According to a previous report by BleepingComputer, the Clop ransomware gang got into the bank's systems in January 2021 by taking advantage of a zero-day vulnerability in Accellion FTA servers.
As a direct result of this data breach, Flagstar Bank was blackmailed by Clop, the personal information of its customers was made available to cybercriminals, and the financial institution terminated its partnership with the Accellion platform.
In the end, the stolen data, which included people's names, Social Security numbers, residences, tax information, and phone numbers, were posted on Clop's data leak website.