(WWJ) – Troy-based Flagstar bank is notifying 1.5 million customers of a data breach last December in which hackers accessed personal data, including social security numbers.
A data breach notification from the Maine Attorney General sent to exposed customers shows Flagstar experienced a security incident last December 3-4, with hackers breaching the bank's corporate network.
The notification says 1,547,169 people were impacted by the breach, which wasn't discovered and contained until December 2021. A company spokesperson said that upon detection, they took the steps necessary to secure their environment and commence an investigation.
Officials say customers' full names and social security numbers were exposed in the breach.
Flagstar officials say when they learned of the incident, they quickly activated their incident response plan, engaged external cybersecurity professionals and reported the incident to federal law enforcement, according to a report from Bleeping Computer.
"Our thorough forensic investigation, which took place over the course of several months, has provided us with a comprehensive understanding of this incident's impact and scope," said the company spokesperson. "Now that the extensive forensic investigation is complete, we are in the process of notifying individuals who may have been impacted directly via U.S. mail."
Bank officials said there's "no evidence that any of the information has been misused," and they were notifying customers out of an abundance of caution.
The bank is providing free two years of identity monitoring and protection services to impacted customers.
Flagstar experienced a similar incident in January 2021 when a ransomware gang breached the bank's servers. The bank also provided free identity monitoring and protection in the wake of that breach.
