Flagstar Bank Breach Impacts More Than a Million Customers
Table of Contents
- By Patrick Ryan
- Jun 28, 2022
Flagstar Bank is in the news for the wrong reason. The bank recently publicized the fact that it discovered a digital breach. The breach is the bank's second hack in the past two years. The breach is especially meaningful as Flagstar Bank is one of the country's top home mortgage loan issuers.
When was the Hack Announced?
The Flagstar Bank breach has impacted nearly two million individuals. However, those victimized by the attack were not notified until six months after it occurred. The lengthy wait to publicize the data breach has opened the door for some strong criticism of Flagstar Bank. The bank's representatives argue it took a lengthy period of time to conduct a forensics investigation and perform a manual document review.
What Did the Hackers Steal?
The digital miscreants responsible for the attack took names as well as other identifying information, including social security numbers. However, if executives from Flagstar Bank are telling the truth, there is no indication that the stolen data has been improperly used.
Furthermore, it is worth noting the bank's operations continue to function as normal.
How Did the Bank Respond to the Attack?
The bank performed an in-depth investigation and performed a manual document review. The bank contacted affected customers by phone and email to make them aware of the hack and the fallout. However, the bank has not gone into detail about how it will safeguard customers' personal information. The bank attempted to keep affected customers content by providing two years of no-cost credit monitoring and identity theft restoration.
Why is the Attack Meaningful?
Even if you overlook the fact that this digital attack compromised millions of customers' accounts, it is also important for several other reasons. For one, the attack exemplifies just how frequently digital attacks occur and change. After all, it was less than two years ago when the bank suffered a similar hack.
It is clear that the safeguards implemented to prevent a subsequent hack did not provide the desired protection.
What Information was Stolen and Leaked on the Web?
A considerable amount of highly sensitive information was stolen and leaked. The stolen information includes names, addresses, social security numbers, phone numbers, and more.
Who is Behind the Attack?
The attack is the result of a hack performed by the CI0p ransomware collective. The ransomware gang owned up to the attack in quite the grandiose manner, announcing its successful hack on its website with screen captures of mortgage and tax documents pertaining to customers of the bank.
Will Flagstar Face Financial Penalty?
Flagstar paid a multimillion-dollar penalty due to a potential class-action lawsuit. The settlement also included improvements to third-party vendor risk management.
Has the CI0p Hacking Group Affected Others?
Indeed, the hacking collective has also zeroed in on several other targets. The hacking group has targeted groups ranging from Kroger to the University of Colorado, the Reserve Bank of New Zealand, the Australian Securities and Investments Commission, and the Washington State Auditor's Office.
What Lessons Can be Taken from the Hack?
The most important lesson to pluck from this high-profile banking hack is to update your digital defenses. If you have not yet enhanced your digital safeguards, do so now, and you won't lose any sleep moving forward into an uncertain future in which myriad digital threats are sure to arise.