Kamso Oguejiofor-Abugu
Published on: October 12, 2023 
Flagstar Bank, previously one of the largest banks in the US with assets over $31 billion, is once again under the cybersecurity spotlight. The Michigan-based financial institution, now under the ownership of New York Community Bank, has announced its third data breach since 2021, potentially compromising the personal data of over 800,000 U.S. customers.
This latest breach occurred through the bank’s reliance on Fiserv, a third-party service provider responsible for transaction processing and mobile banking services. Fiserv fell victim to the MOVEit Transfer data theft attacks, part of the recent wave of breaches linked to the MOVEit platform that impacted thousands of organizations and over 64 million people worldwide.
“Our vendor promptly launched an investigation into the nature and scope of the MOVEit vulnerability’s impact on its systems and discovered that the unauthorized activity in the MOVEit Transfer environment occurred between Mav 27 and 31, 2023, which was before the existence of this vulnerability was publicly disclosed,” reads Flagstar’s consumer notification template. “During that time, unauthorized actors obtained our vendor files transferred via MOVEit.”
This breach isn’t the first time Flagstar Bank’s data has been at risk. In January 2021, the Clop ransomware gang exploited its Accellion file transfer server, obtaining customer and employee data, including SSNs, tax records, addresses, and more. Another breach in June 2022 impacted over 1.5 million American customers.
James McQuiggan, a Security Awareness Advocate at KnowBe4, emphasized the ongoing challenges organizations face with third-party vendor vulnerabilities. “This incident highlights the imperative for an enhanced cybersecurity framework within organizations and extending into the broader networks of third-party arrangements,” McQuiggan said.
“To help prevent something like this happening again our vendor has, through their service provider, remediated all technical vulnerabilities and patched systems in accordance with the MOVEit software provider’s guidelines’” Flagstar said. “Our vendor’s service provider also mobilized a technical response team to examine the relevant MOVEit systems and ensure that there were no further vulnerabilities”.
- SEO Powered Content & PR Distribution. Get Amplified Today.
- PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
- PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
- PlatoESG. Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
- PlatoHealth. Biotech and Clinical Trials Intelligence. Access Here.
- Source: https://www.safetydetectives.com/news/flagstar-bank-data-breach-affects-over-800000-customers-through-third-party-vendor/
