This is some of the worst news that a bank customer can get after a hack

Earlier this month, the Michigan-based bank Flagstar disclosed a security incident in which a group of ransomware attackers exploited a zero-day vulnerability in a bank vendor’s software.

Now, it seems the incident was much worse than noted at the time. Personal information, including Social Security numbers, belonging to customers, bank employees, and even people with tenuous connections to the bank was accessed as part of this data breach. That’s according to letters and communications from the bank that angry social media users have been sharing on Twitter. The webpage Flagstar set up to explain what happened doesn’t mention the particulars, but the bank confirmed to at least one news outlet that a staggering amount of data may have been accessed — including SSNs, first and last names, phone numbers, and addresses.

“On March 6, 2021, we determined that one or more of the documents removed from the Accellion platform contained your Social Security Number, First Name, Last Name, Phone Number, Address,” Flagstar wrote in a letter to some customers shared via social media. “Out of an abundance of caution we have secured the services of Kroll to provide identity monitoring at no cost to you for two years.”

So @flagstar lost the personal information of my entire family to hackers. We all get letters on a Saturday when you can’t contact anyone. Although it won’t fix the issue, I will be looking for a new bank first thing Monday. 🤬

— Strawberry Moon (@StrawMoon1994) March 21, 2021

love to have your name, address, phone number, and ssn on documents uploaded to a file transfer platform that gets popped. i haven’t even had a @flagstar acct in a decade, must be from getting put on my mother’s acct a few years back.

— Acting Deputy Secretary Kyle Lady (@kylelady) March 22, 2021

.@flagstar TFW a sketchy, incompetent bank I never wanted a relationship with gives my SSN and other personal info to criminals via a data breach. Isn’t protecting your customer’s personal information your most important responsibility? Not happy🤬😡😠

— Mark Frizzell (@marknocal) March 21, 2021

In a recap of what happened, American Banker notes that the hackers exploited a flaw in the File Transfer Application software from Accellion that Flagstar was using to secure sensitive data. “We are seeing a clear trend of attacks on third-party suppliers, especially software vendors, to the financial sector as well as other industries,” Steve Silberstein, CEO of the Financial Services Information Sharing and Analysis Center, told the publication. “While financial services firms tend to have robust cybersecurity controls and defenses, third and fourth parties performing critical services for multiple valuable clients will continue to be lucrative targets for threat actors with a variety of motivations.”

Among other key details about this data breach:

  • The FTA software at issue here is reportedly 20 years old and was set to be wound down next month.
  • According to Brett Callow, a threat analyst at the threat investigation and anti-malware provider Emsisoft, the identity of the attackers is unclear.
  • A ransomware gang, per American Banker, did publish some of the data stolen in this data breach to the dark web. There was also a threat that more information would be published if the attackers weren’t paid a ransom.

One thing experts stress about events like this is that even though it was a third party with lax security that was taken advantage of, banks still have a first-party obligation to make sure their customers’ data isn’t being handled carelessly. You don’t say.

Andy is a reporter in Memphis who also contributes to outlets like Fast Company and The Guardian. When he’s not writing about technology, he can be found hunched protectively over his burgeoning collection of vinyl, as well as nursing his Whovianism and bingeing on a variety of TV shows you probably don’t like.
