October 6, 2023

Flagstar Bank, N.A. Announces Third-Party Data Breach at Fiserv, Compromising as Many as 837k Social Security Numbers

+ Follow Contact

Send

Embed

On October 6, 2023, Flagstar Bank, N.A. filed a notice with the Attorney General of Maine notifying consumers of a third-party data breach that involved the MOVEit server of Fiserv, a third-party vendor used by Flagstar Bank. In this notice, Flagstar Bank explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names and Social Security numbers. Upon completing its investigation, Flagstar Bank began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Flagstar Bank, N.A., discussing an incident at Fiserv, it is essential you understand what is at risk and what you can do about it. As we’ve previously mentioned in other posts, Social Security numbers are among hackers’ primary targets in any cyberattack. This is because your SSN can be easily used to commit identity theft and other frauds. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Fiserv data breach. For more information, please see our recent piece on the topic here.

What Caused the Flagstar Bank / Fiserv Breach?

The data breach affecting Flagstar Bank customers was only recently announced, and more information is expected in the near future. However, Flagstar Bank’s filing with the Attorney General of Maine provides some important information on what led up to the breach. According to this source, Fiserv is a third-party vendor that Flagstar Bank uses for payment processing and mobile banking purposes. In the normal course of business, Fiserv uses a secure file-transfer application called MOVEit.

Back in May 2023, Progress Software, the creator of MOVEit, discovered a vulnerability within the program. Upon learning of the MOVEit vulnerability, Fiserv launched an investigation, which ultimately confirmed that an unauthorized party was able to access files on Fiserv’s MOVEit server between May 27, 2023 and May 31, 2023. Flagstar Bank customer information was among the data stored on Fiserv’s MOVEit server.

After learning that sensitive consumer data was accessible to an unauthorized party, Fiserv reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name and Social Security number.

On October 6, 2023, Flagstar Bank sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

Note that Flagstar Bank’s IT systems were not compromised at any time during this incident; the leaked information was limited to that which was stored on Fiserv’s MOVEit server.

More Information About Flagstar Bank, N.A.

Flagstar Bank, N.A. is a financial institution based out of Troy, Michigan. The company is a subsidiary of Flagstar Bancorp, Inc. Flagstar Bank provides commercial, small business, and consumer banking services to individuals and businesses across the United States. Flagstar Bank employs more than 5,341 people and generates approximately $1.9 billion in annual revenue.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.