"Flagstar Bank MOVEit Breach Affects 800K Customer Records"

Flagstar Bank, a prominent Michigan-based financial services provider, has recently warned 837,390 of its US customers about a data breach that occurred through a third-party service provider, Fiserv.  It was traced back to vulnerabilities in MOVEit Transfer, a file transfer software used by Fiserv for payment processing and mobile banking services.  According to the company, the unauthorized activity occurred between May 27 and 31, 2023, before the vulnerability was publicly disclosed, allowing threat actors to access and obtain customer information, including names and other data elements.  The incident marks the third significant cybersecurity breach for Flagstar Bank since 2021.  The first breach happened in March 2021 when the Clop ransomware group reportedly pilfered customers’ personal data.  A second breach occurred on December 3 and 4, 2021, affecting Flagstar Bank’s corporate network and impacting nearly 1.5 million US clients.

 

Infosecurity reports: "Flagstar Bank MOVEit Breach Affects 800K Customer Records"

Submitted by Adam Ekwall on