US Bank and Mortgage Lender Flagstar Victim of a major data breach
Flagstar has disclosed a data breach that exposed customer and employee data.
Flagstar Bank, one of the largest residential mortgage servicers and largest banks in the United States, became the victim of a major data breach in January, exposing customer and employee data.
What role has Accellion played in the data breach?
Accellion is a firewall vendor that has been targeted by ransomware group Clop. In December, Accellion quietly released a patch, followed by more fixes in January, to address a cluster of vulnerabilities in one of its network equipment offerings.
Since then, multiple companies and government organizations worldwide have disclosed that they were breached. They are now being extorted by the Clop ransomware group, which has threatened to make the data public if they don’t pay up.
On Friday, Flagstar Bank issued a security disclosure on their website and began emailing customers about a breach of their Accellion FTA server.
“Accellion, a vendor that Flagstar uses for its file sharing platform, informed Flagstar on January 22, 2021, that the platform had a vulnerability that was exploited by an unauthorized party. After Accellion informed us of the incident, Flagstar permanently discontinued the use of this file-sharing platform.
“Unfortunately, we have learned that the unauthorized party was able to access some of Flagstar’s information on the Accellion platform and that we are one of the numerous Accellion clients who were impacted.”
Journalists from BleepingComputer have discovered that Flagstar was a victim not of the initial zero-day vulnerability exploited in December but of a new vulnerability used by threat actors in January.
The Clop ransomware group has sent a ransom note to Flagstar demanding a bitcoin payment in exchange for not releasing the data online.
Clop ransomware group publishes stolen data
Flagstar used the Accellion FTA server to send and receive sensitive documents with its partners and customers.
Right after Flagstar began notifying victims of the data breach, the Clop ransomware gang started leaking screenshots of the stolen data, warning that they have more personal and sensitive data in their possession.
The screenshots showcase the types of sensitive customer and employee information that were stolen, like social security numbers, names, addresses, phone numbers, and tax records.
For the time being, the ransomware group has shared only a few screenshots of stolen data, but we can assume that the threat actors stole more documents containing sensitive information.
Given this situation, it’s likely that we will soon see further data breaches associated with Accellion FTA hacks. We’ll keep you updated as the situation unfolds.