Colin Thierry
Published on: June 22, 2022

Michigan-based Flagstar Bank notified over 1.5 million customers of a data breach that took place during a cyberattack at the end of 2021.

According to its letter to impacted customers, Flagstar’s corporate network was compromised in December when an unauthorized party accessed files containing the sensitive personal information of customers.

“Flagstar recently experienced a cyber incident that involved unauthorized access to our network,” read the data breach notification. “After an extensive forensic investigation and manual document review, we discovered on June 2, 2022 that certain impacted files containing your personal information were accessed and/or acquired from our network between December 3, 2021 and December 4, 2021.”

Full names and Social Security numbers of customers may have been included in the data exposed to threat actors. This increases the risk of crimes like identity theft against the bank’s customers, as a result.

Flagstar reported the cyberattack to police and said it will continue to take measures to make sure similar incidents won’t occur again.

“Upon learning of the incident, we promptly activated our incident response plan, engaged external cybersecurity professionals experienced in handling these types of incidents, and reported the matter to federal law enforcement,” the bank added.

Customers impacted by the breach will receive two years of identity monitoring. Despite having a lack of evidence that customer information was misused, Flagstar still urged clients to remain vigilant and review financial account statements and credit reports for any suspicious activity.

“We have no evidence that any of your information has been misused,” Flagstar said in a press release. “We sincerely apologize for any inconvenience this may have caused you. We remain fully committed to maintaining the privacy of personal information in our possession and have taken many precautions to safeguard it.”