Flagstar Bank has warned that 837,390 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider.
Flagstar, now owned by the New York Community Bank, is a Michigan-based financial services provider that, before its acquisition in 2022, was one of the largest banks in the United States, having total assets of over $31 billion.
The breach occurred between May 27 and 31, 2023. It exposed the personal information of a substantial number of customers. It was traced back to vulnerabilities in MOVEit Transfer, a file transfer software used by Fiserv for payment processing and mobile banking services.
In June 2022, Flagstar Bank disclosed another data breach that impacted roughly 1.5 million of its customer in the US, but the company did not share details about the attack. The security breach took place in early December 2021.
On March 2021, the bank was the victim of another attack conducted by the Clop ransomware gang.
Read more about it here.