Flagstar Bank Admits the Accellion Incident Affected Them as Well

  • Flagstar sends out notifications of a breach to customers, along with a credit protection service.
  • It took the bank about five weeks to conclude its internal investigation and inform its clients.
  • This is yet another client of Accellion that was compromised due to flaws in the software.

The Accellion incident that affected hundreds of FTA clients, including Bombardier, has just had another high-profile entity added to the list: the Michigan-based Flagstar Bank. This financial service provider is one of the largest residential mortgage providers and is among the top 100 banks (by financial size) in the United States. Thus, this has the potential to impact a large number of Americans, which is why action to mitigate the involved risks is already being taken.

According to Flagstar’s announcement, Accellion informed them of the ongoing exploitation right after discovering it on January 22, 2021. The bank was using Accellion’s file sharing platform, inadvertently letting hackers access information on its systems.

Upon learning about the exploit, the bank discontinued the product’s use and engaged a team of third-party forensic experts to investigate and determine the scope of the incident. Reportedly, that is why it took them a while to deliver this notice to the public.

Now, the company is sending individual notifications to the impacted clients and is informing the data protection offices in accordance with state and federal regulations. Moreover, the impacted customers will receive credit monitoring services for free, hopefully saving them from fraudsters, hackers, and impersonators. These services will be provided through Kroll and will last for 24 months, including identity theft restoration, credit monitoring, and fraud consultation. Instructions on how to register for these services should be enclosed in the individual notices.

Additionally, you are advised to review account statements regularly and inform the bank and/or law enforcement if you see anything suspicious. Also, request copies of your credit reports every 12 months to check for any activity that you don’t recognize as your own. As a more extreme precaution, you can place a security freeze on your credit file.

It is quite unfortunate that clients of Flagstar Bank were left as prey to fraudsters for a total of 1.5 months now, so if you have received any weird emails or phone calls during that time, try to recall what information you gave away to the actors. If it was passwords, usernames, PINs, SSNs, etc., go ahead and reset them as soon as possible. The bank should have moved quicker for sure, but in any case, it’s better late than never.


