
Flagstar Bank’s Ongoing Security Struggles; Third Cyber Breach

Flagstar Bank, rooted in Michigan’s financial landscape and a significant player in the U.S. banking industry, has once again faced a security hurdle. This renowned bank, which proudly held assets exceeding $31 billion, became a part of the New York Community Bank’s portfolio last year. However, this acquisition hasn’t shielded it from the challenges of modern cybersecurity.

The Epicenter of the Recent Breach

Flagstar recently alerted over 800,000 U.S. customers to a potential data compromise. The bank's own systems were not where the breach occurred. Instead, it happened at Fiserv, a third-party service provider that Flagstar relies on for essential functions like mobile banking and payment processing.

This breach at Fiserv was part of a more extensive security concern known as the CLOP MOVEit Transfer attacks. Cybersecurity firm Emsisoft reports that these attacks have left a staggering 64 million individuals and around two thousand organizations vulnerable worldwide.  

The attackers exploited a “zero-day vulnerability” in the MOVEit Transfer system to access and extract customer data, including data related to Flagstar’s clientele. While specific details about the data’s nature remain under wraps in some reports, it’s known that names and Social Security Numbers (SSNs) were part of the stolen cache. 


A Pattern of Cybersecurity Challenges

The concerning reality for Flagstar Bank is the recurrence of such incidents. This breach marks the third significant security lapse in just two years. Back in March 2021, the bank revealed a breach in which the Clop ransomware group targeted it, exposing a vast array of customer and employee data. Then, in June 2022, another breach surfaced, affecting over 1.5 million U.S. customers.


The Broader Implications 

Fiserv’s role in this breach isn’t just a concern for Flagstar. The company caters to multiple banks, meaning its security vulnerabilities could indirectly expose a broader set of financial institutions and their patrons. This incident serves as a stark reminder of the interconnected nature of our digital world and how a lapse in one area can ripple across the industry.


Reviewing Your Cybersecurity Health 

If you have that nagging suspicion of being wide open to cyberattacks, it’s time to act. Click here to secure a Free Cybersecurity Risk Assessment and know for sure where you stand. Don’t let unreported cyber incidents be your downfall; take the first step towards ensuring better cyber protections and maintaining client trust.
