Click to Skip Ad
Closing in...
  1. New stimulus check
    13:08 Politics

    New $3,000+ stimulus payments are coming – here’s when you’ll start getting yours

  2. IRS refund
    15:25 Politics

    10 million Americans got overcharged by the IRS, and you might be one of them

  3. Beats Studio Buds
    16:58 Tech

    Apple’s new wireless headphones just leaked in a software update

  4. Food Recall
    09:38 Lifestyle

    If you bought this delicious dessert, throw it out and get your money back

  5. iPhone 13
    10:33 Tech

    Rumor says Apple’s iPhone 13 will come in this exciting new color




This is some of the worst news that a bank customer can get after a hack

March 23rd, 2021 at 6:44 PM
Data breach

Earlier this month, the Michigan-based bank Flagstar disclosed that a security incident had occurred, following the hack by a group of ransomware attackers who exploited a bank vendor’s zero-day software vulnerability.

Now, it seems the incident was much worse than noted at the time. Personal information, including social security numbers of customers, bank employees, and even people with tenuous connections to the bank, were accessed as part of this data breach. That’s according to letters and communications from the bank that angry social media users have been sharing on Twitter. Flagstar’s webpage that was set up to explain what happened doesn’t mention the particulars, but the bank confirmed to at least one news outlet that a staggering amount of data may have been accessed — including SSNs, first and last names, phone numbers, and addresses.

Today's Top Deal This automatic jar opener went mega-viral on TikTok - now everyone's flooding Amazon to get one on sale! List Price:$25.99 Price:$19.99 You Save:$6.00 (23%) Available from Amazon, BGR may receive a commission Buy Now Available from Amazon BGR may receive a commission

“On March 6, 2021, we determined that one or more of the documents removed from the Accellion platform contained your Social Security Number, First Name, Last Name, Phone Number, Address,” Flagstar wrote in a letter to some customers shared via social media. “Out of an abundance of caution we have secured the services of Kroll to provide identity monitoring at no cost to you for two years.”

In a recap about what happened, penned by American Banker, the publication notes that the hackers exploited a flaw in the Fire Transfer Application software from Accellion that Flagstar was using to secure sensitive data. “We are seeing a clear trend of attacks on third-party suppliers, especially software vendors, to the financial sector as well as other industries,” Steve Silberstein, CEO of the Financial Services Information Sharing and Analysis Center, told the publication. “While financial services firms tend to have robust cybersecurity controls and defenses, third and fourth parties performing critical services for multiple valuable clients will continue to be lucrative targets for threat actors with a variety of motivations.”

Among other key details about this data breach:

  • The FTA software at issue here is reportedly 20 years old and was set to be wound down next month.
  • According to Brett Callow, a threat analyst at the threat investigation and anti-malware provider Emsisoft, the identity of the attackers is unclear.
  • A ransomware gang, per American Banker, did publish some of the data stolen in this data breach to the dark web. There was also a threat that more information would be published if the attackers weren’t paid a ransom.

One thing experts stress about events like this is that even though it was a third party with lax security that was taken advantage of, banks still have a first-party obligation to make sure their customers’ data isn’t being handled carelessly. You don’t say.

Today's Top Deal This automatic jar opener went mega-viral on TikTok - now everyone's flooding Amazon to get one on sale! List Price:$25.99 Price:$19.99 You Save:$6.00 (23%) Available from Amazon, BGR may receive a commission Buy Now Available from Amazon BGR may receive a commission

Andy is a reporter in Memphis who also contributes to outlets like Fast Company and The Guardian. When he’s not writing about technology, he can be found hunched protectively over his burgeoning collection of vinyl, as well as nursing his Whovianism and bingeing on a variety of TV shows you probably don’t like.




Popular News