{
	"id": "24abe139-c5be-4fac-ac45-7bbed8aefc0e",
	"created_at": "2026-04-06T00:06:55.40778Z",
	"updated_at": "2026-04-10T13:12:01.927254Z",
	"deleted_at": null,
	"sha1_hash": "f6e053c8749db7217b532e450378e88c684f3a4a",
	"title": "Third Flagstar Bank data breach since 2021 affects 800,000 customers",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 781959,
	"plain_text": "Third Flagstar Bank data breach since 2021 affects 800,000 customers\r\nBy Bill Toulas\r\nPublished: 2023-10-08 · Archived: 2026-04-05 20:28:25 UTC\r\nFlagstar Bank is warning that over 800,000 US customers had their personal information stolen by cybercriminals due to a\r\nbreach at a third-party service provider.\r\nFlagstar, now owned by the New York Community Bank, is a Michigan-based financial services provider that, before its\r\nacquisition last year, was one of the largest banks in the United States, having total assets of over $31 billion.\r\nA data breach notification sent to impacted customers explains that Flagstar was indirectly impacted by Fiserv, a vendor it\r\nuses for payment processing and mobile banking services.\r\nhttps://www.bleepingcomputer.com/news/security/third-flagstar-bank-data-breach-since-2021-affects-800-000-customers/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/third-flagstar-bank-data-breach-since-2021-affects-800-000-customers/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nFiserv was breached in the widespread CLOP MOVEit Transfer data theft attacks that have impacted over 64 million people\r\nand two thousand organizations worldwide, according to a report by Emsisoft.\r\nThe attackers exploited a zero-day vulnerability in the MOVEit Transfer product to access Fiserv’s systems and, from there,\r\nstole Flagstar customer data the vendor held to provide services.\r\nThe types of data that were compromised are redacted in the sample data breach notification letters. However, the entry\r\non Maine’s data breach portal lists at least names and Social Security Numbers (SSNs) as stolen by the threat actors.\r\nThe total number of Flagstar Bank customers impacted by this incident is 837,390 in the United States.\r\nA third breach in two years\r\nThis latest breach is the third for Flagstar since March 2021, when it disclosed it suffered a breach from the Clop\r\nransomware gang, who, at that time, hacked its Accellion file transfer server in January of that year.\r\nBased on the data samples posted by the ransomware gang, the hackers managed to steal customer and employee\r\ninformation, including names, addresses, phone numbers, tax records, and SSNs.\r\nIn June 2022, Flagstar disclosed another breach of its corporate network that impacted over 1.5 million of its customers in\r\nthe U.S.\r\nThe data compromised in that incident includes at least names and Social Security Numbers. At the time, the company opted\r\nagain to censor the relevant section on the published notification samples.\r\nWhat is more worrying is that Fiserv offers services to hundreds of banks, which it has indirectly exposed in the past due to\r\nother security lapses.\r\nBleepingComputer has contacted Fiserv to ask if the MOVEit breach affects more financial institutions and their customers,\r\nand we will update this post as soon as we receive a response.\r\nhttps://www.bleepingcomputer.com/news/security/third-flagstar-bank-data-breach-since-2021-affects-800-000-customers/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/third-flagstar-bank-data-breach-since-2021-affects-800-000-customers/\r\nhttps://www.bleepingcomputer.com/news/security/third-flagstar-bank-data-breach-since-2021-affects-800-000-customers/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/third-flagstar-bank-data-breach-since-2021-affects-800-000-customers/"
	],
	"report_names": [
		"third-flagstar-bank-data-breach-since-2021-affects-800-000-customers"
	],
	"threat_actors": [],
	"ts_created_at": 1775434015,
	"ts_updated_at": 1775826721,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f6e053c8749db7217b532e450378e88c684f3a4a.pdf",
		"text": "https://archive.orkl.eu/f6e053c8749db7217b532e450378e88c684f3a4a.txt",
		"img": "https://archive.orkl.eu/f6e053c8749db7217b532e450378e88c684f3a4a.jpg"
	}
}