Over 1.5 million clients were impacted by the most recent data breach, according to Flagstar Bank, one of the biggest banks in the U.S.
The hackers were able to get private information from the impacted users based on the letter that the company recently delivered to the customers.
One of the biggest mortgage lenders in the nation with 150 locations, the Michigan-based bank disclosed to the state of Maine that its systems were breached between December 3 and 4 of last year but that it wasn't until earlier this month that the issue was found.
Why it took Flagstar so long to discover the data leak is unclear. When contacted via email, Susan Bergesen, a spokesperson for Flagstar, refuses to respond to our inquiries regarding which of its systems were compromised and the precise number of clients impacted.
Flagstar recently experienced a cyber incident that involved unauthorized access to our network. Upon learning of the incident, we promptly activated our incident response plan, engaged external cybersecurity professionals experienced in handling these types of incidents, and reported the matter to federal law enforcement," the bank said in a letter.
Flagstar has not yet provided an explanation for why it took them half a year to find out about the hacking event. The bank did not respond when Techcrunch emailed business spokeswoman Susan Bergesen with a question.
Additionally, the business withheld the precise number of people that were impacted by the data leak. The precise systems that were impacted at the time were not mentioned.
Flagstar stated that there is currently no proof that the stolen customer information has been misused, but out of an abundance of caution, it will offer free identity theft monitoring to customers affected for a period of two years.
The Office of the Maine Attorney General was informed that 1,547,169 people nationwide were affected by the Flagstar hackers in this regard.
The security of Flagstar has previously been breached. The business was one of many to fall victim to the Accellion attack in January 2021, which saw hackers steal corporate records by taking advantage of flaws in the vendor's old file transfer appliance (FTA). Names, Social Security numbers, residences, tax information, and phone numbers were among the stolen data in the Flagstar case.
Since then, the infamous Clop ransomware gang has been connected to the Accellion breach, which also left Morgan Stanley, the cybersecurity company Qualys, and the grocery behemoth Kroger as victims.