Flagstar Bank Data Breach: What & How It Happened?

Twingate Team

Jun 20, 2024

In late 2021, Flagstar Bank faced a data breach resulting in compromised customer data and a significant financial resolution. In May 2023, the bank's service provider, Fiserv, experienced a data breach affecting a large number of customers. Additionally, in October 2023, Flagstar Bank experienced another data breach due to a security vulnerability.

How many accounts were compromised?

The breaches collectively compromised data related to approximately 3.1 million individuals.

What data was leaked?

The data exposed in the breaches consisted of sensitive customer data, including names and Social Security numbers, and other personal information of customers.

How was Flagstar Bank hacked?

Hackers breached Flagstar Bank's security by exploiting vulnerabilities in the MOVEit Transfer software and using stolen contractor login credentials. In one instance, ransomware was deployed, leading to a $1 million bitcoin ransom payment. The exact methods used in the third breach remain unclear.

Flagstar Bank's solution

In response to the hacking incidents, Flagstar Bank took several measures to address the situation and prevent future breaches. Although specific security enhancements remain unclear, the bank worked with its vendor, Fiserv, to notify impacted individuals and share resources to support them. Fiserv also launched a comprehensive investigation into the incidents, identified affected individuals, and notified regulators as required by law.

How do I know if I was affected?

Flagstar Bank worked with its vendor, Fiserv, to notify impacted individuals and share resources to support them. If you're a Flagstar Bank customer and haven't received a notification, you may visit Have I Been Pwned to check your credentials.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and consider enabling this additional security feature on all other important online accounts to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report any unauthorized transactions to the appropriate financial institution immediately.

For more specific help and instructions related to Flagstar Bank's data breach, please contact Flagstar Bank's Client Support directly.

Where can I go to learn more?

If you want to find more information on the Flagstar Bank data breach, check out the following news articles:
