Flagstar Bank, one of the largest residential mortgage servicers and largest banks in the United States, became the victim of a major data breach in January, exposing customer and employee data. 

What role has Accellion played in the data breach?

Accellion is a firewall vendor that has been targeted by ransomware group Clop. In December Accellion quietly released a patch, and then more fixes in January, trying to address a cluster of vulnerabilities created in one of its network equipment offerings. 

It looks like since then, multiple companies and government organizations worldwide have disclosed that they were breached, now being extorted by the ransomware group Clop that has threatened to make the data public if they don’t pay up. 

On Friday, Flagstar Bank issued a security disclosure on their website and began emailing customers about a breach of their Accellion FTA server. 

Accellion, a vendor that Flagstar uses for its file sharing platform, informed Flagstar on January 22, 2021, that the platform had a vulnerability that was exploited by an unauthorized party. After Accellion informed us of the incident, Flagstar permanently discontinued the use of this file-sharing platform.

“Unfortunately, we have learned that the unauthorized party was able to access some of Flagstar’s information on the Accellion platform and that we are one of the numerous Accellion clients who were impacted.


The journalists from BleepingComputer have discovered that Flagstar was not a victim of the initial zero-day vulnerability that happened in December but to a new vulnerability utilized by threat actors in January.

Clop ransomware has sent a ransom note to Flagstar demanding a bitcoin payment for not releasing the data online. 


Clop ransomware group publishes stolen data

The Accellion FTA server was used by Flagstar for sending and receiving sensitive documents with their partners and customers.

Right after Flagstar began notifying victims of the data breach, the Clop ransomware gang started leaking screenshots of the stolen data, warning that they have in possession more personal and sensitive data.

The screenshots showcase the types of sensitive customer and employee information that were stolen, like social security numbers, names, addresses, phone numbers, and tax records.


For the time being the ransomware group had only shared a few screenshots of stolen data, but we can assume that the threat actors stole more documents containing sensitive information.

Heimdal Official Logo
Your perimeter network is vulnerable to sophisticated attacks.

Heimdal® Threat Prevention - Network

Is the next-generation network protection and response solution that will keep your systems safe.
  • No need to deploy it on your endpoints;
  • Protects any entry point into the organization, including BYODs;
  • Stops even hidden threats using AI and your network traffic log;
  • Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Looking at this situation, it’s pretty likely that we will see further data breaches associated with Accellion FTA hacks soon. We’ll keep you updated as the situation rolls out. 


I haven’t had dealing with Flagstar since 2013. Why are they still storing sensitive data on me. It just creates a liability that can’t handle. SSN are permanent. Government needs apply a blockchain to SSN or create a way to tumble SSN like credit card numbers. This country is so far behind the curve!

At the least, they should have encrypted all that sensitive data SSNs, Names, Addresses. Cardano Atala Prism is a decentralized identity solution in a new era of decentralized systems.

This is absolutely unacceptable. It is always them. They are always at fault.
Centralized systems need to die. Time for a new era of decentralized systems.

Leave a Reply

Your email address will not be published. Required fields are marked *