Security News > 2023 > October > Third Flagstar Bank data breach since 2021 affects 800,000 customers

Flagstar Bank is warning that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider.

A data breach notification sent to impacted customers explains that Flagstar was indirectly impacted by Fiserv, a vendor it uses for payment processing and mobile banking services.

The types of data that were compromised are redacted in the sample data breach notification letters.

This latest breach is the third for Flagstar since March 2021, when it disclosed it suffered a breach from the Clop ransomware gang, who, at that time, hacked its Accellion file transfer server in January of that year.

Based on the data samples posted by the ransomware gang, the hackers managed to steal customer and employee information, including names, addresses, phone numbers, tax records, and SSNs. In June 2022, Flagstar disclosed another breach of its corporate network that impacted over 1.5 million of its customers in the U.S. The data compromised in that incident includes at least names and Social Security Numbers.

Sony confirms data breach impacting thousands in the U.S. Data breach at French govt agency exposes info of 10 million people.

News URL

https://www.bleepingcomputer.com/news/security/third-flagstar-bank-data-breach-since-2021-affects-800-000-customers/