Flagstar Bank Breach Compromises 1.5 million Social Security Numbers
More than 1.5 million Flagstar Bank customers were notified through a letter sent out on June 17th, 2022 that their Social Security numbers had been compromised. Flagstar, one of the country’s largest banks, based in Troy, Michigan, also submitted a letter to the Office of the Attorney General, State of Maine alerting them to the incident. According to the bank, the attack took place between December 3rd and December 4th, 2021. Flagstar said there is no evidence that any of the information obtained in the breach has been used by the attackers. This attack comes a year after a prior incident that also involved Social Security numbers along with other sensitive data such as tax records and contact information. In that earlier incident, announced to the public in March 2021, a ransomware gang known as Clop exploited a zero-day vulnerability to gain access to the bank’s network.
|IDENTIFY INDICATORS OF COMPROMISE (IOC)|
Flagstar has not provided details regarding how they learned of the December attack but reports that the bank acted immediately upon discovery. After suppressing the attack and cleansing the infected systems, an extensive forensic investigation and document review was conducted for nearly six months. On June 2nd, the investigation determined that the personal data of 1,547,169 individuals was stolen.
|CONTAINMENT (If IoCs are identified)|
According to a company spokesperson, Flagstar responded to the breach immediately upon its discovery and was able to contain it.
|CLASS ACTION SUIT FILED|
A class action suit has been filed alleging that Flagstar failed to properly safeguard personally identifiable information (PII). The suit claims that the unnecessary delay in contacting those whose information was stolen left them exposed without knowledge or resources. The suit seeks funds to finance lifetime credit monitoring for all those affected by the breach. The suit also states that Flagstar has failed to disclose the root cause of the breach and how the information was accessed. It accuses Flagstar of failing to take proper security measures following the attack in 2020, which may have made the latest attack possible.
With the rise of cybercrime, every organization should have a well-designed incident response plan. One of the initial critical decisions that should be outlined in the IRP is whether to involve law enforcement. Many cyber insurance companies require this notification to remain covered under a policy.
Be prepared to provide a brief background of your business and a summary of how the attack has affected its operations.
Ensure your Incident Response Readiness (IRR) in the event of an attack. Review your security and risk profile.