Flagstar Bank customer data breached through Accellion hack
#1
Quote: Like many other users, Flagstar Bank has now permanently stopped using the platform.
 
Flagstar Bank has been added to a list of companies breached due to an Accellion software zero-day vulnerability. 
 
 
The bank, headquartered in Michigan, is a Flagstar Bancorp subsidiary and provides mortgages and other financial services to US customers.
 
In a statement posted on Flagstar Bank's website, the organization says that Accellion first informed the company of a security issue on January 22, 2021.
 
Accellion's file-sharing program, File Transfer Appliance (FTA), is an enterprise product used to transfer large files. While now discontinued and supplanted by other software such as Kiteworks, a zero-day vulnerability in the legacy software was found in December and has since been exploited by attackers in the wild.
 
Reported victims include Qualys, the Reserve Bank of New Zealand, the Australian Securities and Investments Commission (ASIC), and Transport for New South Wales (TfNSW).
"After Accellion informed us of the incident, Flagstar permanently discontinued use of this file sharing platform," Flagstar Bank says. "Unfortunately, we have learned that the unauthorized party was able to access some of Flagstar's information on the Accellion platform and that we are one of numerous Accellion clients who were impacted."
In an email sent to a customer on March 6 and viewed by ZDNet, the company says it "acted immediately to contain the threat and have engaged a team of third-party forensic experts to investigate and determine the full scope of this incident."
 
Flagstar Bank says that operations were not impacted and the Accellion platform was "segmented" from other network elements such as core banking and mortgage systems. 
 
The financial organization has not revealed how many customers have been embroiled in the leak, or what records may have been compromised. The bank added that anyone thought to be involved will be contacted via mail and "will receive information regarding free credit monitoring services."
 
Kroll has been hired to provide free credit monitoring tools. 
 
When a customer queried why Flagstar Bank was made aware of the breach in January and has only reached out now upon receipt of the email, the company apologized and said it "understood [their] frustration."  
"Investigations of this nature take time and the results are not instantaneous," the email read. "We're working as fast as we can to ensure a thorough, diligent review and are committed to providing updates as soon as we have them."
Flagstar Bank declined to comment further. 


Source