Flagstar Bank suffers data breach as employee data posted online
Michigan-based Flagstar Bank has fallen victim to a data breach caused by a vulnerability in the Accellion file sharing service.
Criminals have reportedly posted the personal details of bank employees online following the breach.
Vice received emails from a group claiming responsibility for the cyberattack. The messages directed the publication to posts on the dark web featuring sensitive information.
The bank has issued a statement revealing it had been aware of a breach on 22 January. Accellion told the bank of its vulnerability, and Flagstar “permanently discontinued” its use of the software.
“Unfortunately, we have learned that the unauthorised party was able to access some of Flagstar’s information on the Accellion platform,” the bank writes.
“The Accellion platform was segmented from the rest of our network, and our core banking and mortgage systems were not affected.”
Accellion’s File Transfer Appliance (FTA) is an enterprise-grade platform for transferring large files.
The zero-day vulnerability has affected a handful of other companies, including the Reserve Bank of New Zealand and the Australian Securities and Investments Commission (ASIC).
The bank has signed a deal with Kroll for the provision of credit monitoring services and identity theft restoration.
Well, I received a letter from Flagstar informing me that my personal information was hacked. Is now on the dark web for anyone to access – forever? Very pissed and will be cancelling my association with Flagstar shortly. Yes – they will be held accountable for the damage already done.