Flagstar Bank Was Hacked in December 2021, Affecting 1.5 Million Customers

Michigan-headquartered Flagstar Bank operates over 150 branches in several states, including California, Ohio, Wisconsin, and Indiana. The bank caters to enterprises and customers and generates annual revenue of more than $1.6bn, accounting for approximately $23.2 billion in assets. The bank describes itself as the country’s 6th largest bank mortgage originator.

Flagstar filed an official notice of data breach, sending a data breach letter to affected customers.

Data breach notification letter noted: 

“After an extensive forensic investigation and manual document review, we discovered on June 2, 2022, that certain impacted files containing your personal information were accessed and/or acquired from our network between December 3, 2021, and December 4, 2021.”

After a thorough investigation, the bank concluded on June 2, 2022, that the attackers accessed customer details, including names and social security numbers. The bank mentioned no indication that the breached data had been sold, leaked, or misused. However, Flagstar didn’t disclose whether the security incident was due to an internal vulnerability or was a third-party breach.

The bank also promised to strengthen its security defenses by minimizing vulnerabilities to avoid similar incidents in the future.

McShane & Brady is a Kansas City law firm that represents those who have been victim of data breaches and HIPAA violations.  Our firm has represented millions who have had their personal and private information made public from breaches of security.  If you have been a victim, please contact our office at 816-888-8010 or fill out our online questionnaire.