Flagstar Bank, a US-based financial institution, has experienced a data breach as a result of a cyberattack on its vendor, Fiserv. The attack involved the exploitation of MOVEit Transfer software and potentially exposed the personal information of numerous bank customers.
Flagstar Bank communicated with affected individuals, revealing that the unauthorized activity occurred between May 27th and 31st, 2023, before the vulnerability had been publicly disclosed. The breach impacted a significant number of clients, totaling 837,390, and there are concerns that threat actors may have gained access to Social Security numbers (SSNs), increasing the risk of identity theft.
Losing control of SSNs poses serious threats, as malicious actors can exploit stolen data in conjunction with other personal details for fraudulent activities. In response to the breach, Flagstar Bank is offering a complimentary identity monitoring service to help victims safeguard their information.
Impacted individuals have also been advised to stay vigilant and regularly monitor their credit history for any suspicious activity. This incident highlights the ongoing challenges and threats faced by organizations, particularly those relying on third-party vendors for critical services like payment processing and mobile banking.
References:
