- Apr 24, 2016
Flagstar Bank is notifying 1.5 million customers of a data breach where hackers accessed personal data during a December cyberattack.
Flagstar is a Michigan-based financial services provider and one of the largest banks in the United States, having total assets of over $30 billion.
According to data breach notifications sent to exposed customers, Flagstar experienced a security incident in December 2021 when intruders breached the bank’s corporate network.
After an investigation, the bank discovered on June 2nd that the threat actors accessed sensitive customer details, including full names and social security numbers.
“Upon learning of the incident, we promptly activated our incident response plan, engaged external cybersecurity professionals experienced in handling these types of incidents, and reported the matter to federal law enforcement,” explains the notice.
“We have no evidence that any of the information has been misused. Nevertheless, out of an abundance of caution, we want to make you aware of the incident.”
Flagstar is providing free two years of identity monitoring and protection services to impacted individuals.
Based on information submitted to the Office of the Maine Attorney General, the data breach affected 1,547,169 people in the United States.
Bleeping Computer contacted Flagstar with further questions, including what types of data have been potentially exposed and why it took so long to discover the breach, but the response didn't provide any additional details.