While Flagstar says there is no evidence that the stolen data is being misused, it has provided important information on how the affected customers can protect themselves from identity theft and similar risks.
Details of the Flagstar Bank Data Breach
According to the notification, the bank said it experienced “unauthorized access” to its corporate network, though it did not specify when the breach was discovered, nor when hackers initially gained access to Flagstar’s system. After hiring out third-party cybersecurity assistance and contacting law enforcement, Flagstar said an investigation concluded on June 2, 2022, revealed that the data breach occurred between Dec. 3 and Dec. 4 of 2021. Hackers “accessed and/or acquired” files containing customer data that included the names or other personal identifiers of 1,547,169 Flagstar customers, along with their social security numbers.
Flagstar to Provide Identity Protection Services to Affected Customers
The bank said that it has not found any evidence that the responsible actor is misusing the stolen information. However, information like names and social security numbers in the wrong hands can be used to carry out cybercrimes like identity theft and phishing attacks. As a precautionary measure, Flagstar said it would provide its customers with Kroll’s identity monitoring services at no cost for a period of two years. The services include credit monitoring, fraud consultation, and identity theft restoration. The bank’s notification includes information to help customers protect their personal data. “As a precautionary measure, we recommend that you remain vigilant by reviewing your account statements, from us and others, and monitoring your credit reports closely,” the notification reads. “If you detect any suspicious activity on any account or have reason to believe your information is being misused, you should promptly notify the financial institution or company with which the account is maintained. You should also promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and the Federal Trade Commission (“FTC”),” it adds.
Banks Consistently Facing Cyber Threats
It is currently unclear how the threat actor gained access to Flagstar’s network. However, there is a worrying rise in the number of high-profile cyber threats against banks and other financial institutions. Flagstar was hit by a data breach earlier this year as well, when the notorious Cl0p ransomware gang hacked into a vulnerable server. Countries have also been quick to respond and take precautionary measures to protect financial institutions. Singapore’s banking regulator, the MAS, recently released a set of cybersecurity measures to improve cybersecurity in digital banking and tackle financial scams. If you’re concerned about your finances, check out our guide on safe online banking which details the common threats to watch out for, and tips to help protect yourself.