Flagstar Bank Data Breach Highlights Need for Cybersecurity Measures

Flagstar Bank's recent data breach is a stark reminder that even the most secure systems can be vulnerable to cyber attacks. A total of 1.5 million Flagstar Bank customers had their personal data compromised.

The breach was caused by a third-party vendor that accessed the bank's systems without permission. This highlights the importance of monitoring third-party access to sensitive data.

Flagstar Bank was hacked in December 2021, affecting 1.5 million customers. The bank operates over 150 branches in several states, including California, Ohio, Wisconsin, and Indiana.

The bank generates annual revenue of more than $1.6 billion, accounting for approximately $23.2 billion in assets. It is the country's 6th largest bank mortgage originator.

Hackers exploited vulnerabilities in the MOVEit Transfer software and used stolen contractor login credentials to breach Flagstar Bank's security. In one instance, ransomware was deployed, leading to a $1 million bitcoin ransom payment.

The bank filed an official notice of data breach, sending a data breach letter to affected customers. The letter noted that certain impacted files containing customer personal information were accessed and/or acquired from the bank's network between December 3, 2021, and December 4, 2021.

The attackers accessed customer details, including names and social security numbers. However, the bank mentioned no indication that the breached data had been sold, leaked, or misused.

Flagstar Bank promised to strengthen its security defenses by minimizing vulnerabilities to avoid similar incidents in the future.

Curious to learn more? Check out: Huntington Bancshares Customer Service

Flagstar Bank has experienced two major security incidents in just two years, leaving many customers vulnerable to data breaches.

The bank's second data breach happened less than a year after a similar security incident affected its customers in January 2021.

Hackers exploited vulnerabilities in the bank's legacy file transfer software to access sensitive customer and employee data.

The leaked data included names, phone numbers, addresses, and Social Security numbers.

Flagstar warned its customers that the threat actors responsible were contacting bank customers by email and telephone to scam them.

The Cl0p ransomware gang published employee information on its leak website as well as screenshots of tax and mortgage documents, presumably belonging to the bank's customers.

Flagstar agreed to pay $5.9 million to settle a class action lawsuit filed on behalf of 1.48 million affected consumers.

As part of the settlement, the bank pledged "various enhancements" to its third-party vendor risk management program.

Victims of the data breach could choose between three years of credit monitoring and identity theft insurance or a one-time cash payout of well below $1,000.

Victims with verifiable financial losses could obtain reimbursements of up to $10,000.

For your interest: Golden 1 Credit Union

Flagstar Bank's data breach affected 1.5 million customers.

The breach occurred between December 3, 2021, and December 4, 2021, when hackers accessed customer details, including names and social security numbers.

Flagstar Bank's network was compromised, allowing attackers to access sensitive customer data.

The data exposed in the breaches consisted of sensitive customer data, customer information including names and Social Security Numbers, and personal information of customers.

The bank has promised to strengthen its security defenses to avoid similar incidents in the future.

Flagstar Bank has more than 150 branches in several states, including California, Ohio, Wisconsin, and Indiana.

Recommended read: Moneygram Confirms Customer Data Breach in September Cyberattack

Data breaches can't be stopped with a single solution, and it's no longer a viable option to have a relaxed attitude towards data security.

The increasing number of data breaches highlights the need for investment in managed security service providers to design robust end-to-end security solutions.

To protect against data breaches, organizations can combine data security with effective ransomware detection and intrusion prevention and detection initiatives.

A fresh viewpoint: What Is Hipaa Breach

Data from the Flagstar data breaches hasn't been misused so far, but it's likely that attackers will wait for the right time to exploit the data.

Organizations can protect themselves by implementing effective processes to manage zero-day threats, especially when PII is stored in critical production servers.

Conducting frequent technological audits can prevent exploitation of vulnerabilities.

Flagstar Bank worked with its vendor, Fiserv, to notify impacted individuals and share resources to support them.

Here are some key steps to prevent future breaches:

Avoiding data breaches is crucial, especially after the recent Flagstar data breaches. You can prevent data breaches by identifying and classifying your sensitive data.

To scale down information accessibility, use data monitoring, identity, and access management. This will help minimize the damage in case of a breach. I've seen companies that have implemented this measure experience a significant reduction in data breaches.

Identifying malicious sites and known threats is also essential. Use a web application firewall to block them immediately, and align it with real-time alerts for comprehensive security.

The vulnerability assessment process should be integrated with regular operations to identify and seal gaps in your security process. This will help prevent data breaches from happening in the first place.

A proper data disposal policy is also necessary to ensure that sensitive information is not compromised. Secure sensitive information through advanced technologies like data masking, encryption, tokenization, and more.

Here are some key steps to prevent data breaches: