article featured image


Flagstar Bank is a financial institution with its headquarters located in Michigan and is one of the major residential mortgage servicers in the United States, being ranked among the top five largest banks in the country.

What Happened?

During a cyberattack in December, cybercriminals gained access to the personal information of 1.5 million Flagstar Bank clients, and the bank is now informing those customers of the breach.

A data breach occurs when an unauthorized individual gains access to confidential, sensitive, or protected information. Without permission, files from a data breach are viewed and/or shared.

Intruders broke into the corporate network of Flagstar Bank in December 2021, as shown by the data breach notices that were issued to clients whose information had been compromised, causing the bank to suffer a security problem.

The bank found out on June 2nd, after conducting an inquiry into the matter, that the threat actors had gained access to critical consumer information, including complete customer names and social security numbers.

Flagstar Bank treats the security and privacy of your personal information with the utmost importance, which is why we are writing to let you know about a recent security incident. We want to provide you with information about the incident, explain the services we are making available to you, and let you know that we continue to take significant measures to help protect your information.

What Happened?

Flagstar recently experienced a cyber incident that involved unauthorized access to our network. In response, Flagstar promptly took steps to secure its environment and investigate the incident with the assistance of third-party forensic experts. What We Are Doing. Upon learning of the incident, we promptly activated our incident response plan, engaged external cybersecurity professionals experienced in handling these types of incidents, and reported the matter to federal law enforcement. After an extensive forensic investigation and manual document review, we discovered on June 2, 2022 that certain impacted files containing your personal information were accessed and/or acquired from our network between December 3, 2021 and December 4, 2021. We have no evidence that any of the information has been misused. Nevertheless, out of an abundance of caution, we want to make you aware of the incident. What Information Was Involved? On June 2, 2022, we determined that one or more of the impacted files contained your <<b2b_text_1(data elements)>><<b2b_text_2(data elements cont.)>>.


People whose identities were compromised will get free identity monitoring and protection services from Flagstar for a period of two years.

We have no evidence that any of your information has been misused. Nevertheless, out of an abundance of caution we have secured the services of Kroll to provide identity monitoring at no cost to you for two years. Kroll is a global leader in risk mitigation and response, and their team has extensive experience helping people who have sustained an unintentional exposure of confidential data. Your identity monitoring services include Credit Monitoring, Fraud Consultation, and Identity Theft Restoration.

Additional information describing your services is included with this letter. This letter also provides other precautionary measures you can take to help protect your personal information, including placing a fraud alert and/or security freeze on your credit files, and/or obtaining a free credit report. Please review the attachment to this letter, entitled “Steps You Can Take to Help Protect Your Information,” for further information. The attachment also includes the toll-free telephone numbers and addresses of the three major credit reporting agencies. Additionally, you should always remain vigilant in reviewing your financial account statements and credit reports for fraudulent or irregular activity on a regular basis.


As reported by BleepingComputer, a total of 1,547,169 people throughout the United States were affected by the data breach.

This is the second serious security breach that has hit Flagstar and its customers within the last year. In both cases, the breach occurred within the previous year.

In January of 2021, a group of cybercriminals operating under the name Clop exploited a zero-day vulnerability that was present in the servers used by Accellion FTA. This allowed them to obtain access to the computer systems used by the bank.

This occurrence has ramifications for a significant number of firms, including Bombardier, Singtel, the New Zealand Reserve Bank, and the State Auditor office in Washington, that conducted business with Accellion.

As a direct result of this security compromise, Flagstar Bank was blackmailed by Clop, the personal information of its customers was made accessible to hackers, and the financial institution severed its cooperation with the Accellion platform.

In the end, samples of the stolen data were uploaded on Clop’s data breach website. These examples included people’s names, Social Security numbers, homes, tax information, and phone numbers.

If Ransomware Concerns You…

Join us on Tuesday, June 21st, 1pm BST/2pm CEST for our next webinar, when Cyber-Security & Heimdal Product Expert Andrei Hinodache and Pre-Sales Engineering Manager Robertino Matausch will explain why ransomware is on the rise, and how should executives evaluate their company’s ability to prevent and recover from ransomware attacks.

What’s more, we will be showing you how to do this LIVE! Our experts will walk you through ransomware incident preparedness, technical testing through live simulations, detection, and suggestions for thwarting attackers by hardening systems and infrastructure.

Make sure you register here!

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Dora Tudor

Cyber Security Enthusiast

linkedin icon

Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.

Leave a Reply

Your email address will not be published. Required fields are marked *