Flagstar Bank is notifying customers that a data breach targeting a third-party vendor has resulted in the exposure of personal customer information. Flagstar uses the vendor in question, Fiserv, for transaction processing and mobile banking services. The notice sent out on Friday states that Fiserv is one of the many organisations impacted by the headlining mass MOVEit file transfer hack.
Prior to its 2022 acquisition by New York Community Bank, Flagstar previously had assets of over $31 billion as one of the largest banks in the United States. The bank is now contacting over 800,000 customers to alert them of the breach impacting the third-party vendor, Fiserv. This is the third breach Flagstar has suffered since 2021.
“The incident involved vulnerabilities discovered in MOVEit Transfer, a file transfer software used by our vendor to support services it provides to Flagstar and its related institutions,” reads the consumer notification letter.
According to the notice, Fiserv was a victim of the MOVEit breach between May 27-31st of 2023, which was before the public disclosure of the MFT vulnerability. As with the thousands of other organisations impacted in this breach, Fiserv’s systems were accessed by unauthorized actors, and files relating to Flagstar Bank and its customers was obtained.
“The MOVEit Transfer security flaw is the gift that keeps on giving for hackers. This time around, it looks like the bad guys were able to steal customer and employee information, including names, addresses, phone numbers, tax records, and SSNs,” Chris Hauk, Consumer Privacy Champion at Pixel Privacy, says. “Customers of this bank (along with any ..
Support the originator by clicking the read the rest link below.
