A few months ago, it became widely known that there was a critical security vulnerability in Accellion FTA servers. Naturally, hackers wasted no time exploiting the vulnerability, and since then, we’ve seen a few instances of high-profile data breaches traced back to that very vulnerability. Flagstar bank is the latest such victim. Recently, the company disclosed that their network had been breached and that a range of customer data had been exposed.

The company’s formal statement on the matter reads in part as follows:

“Accellion, a vendor that Flagstar uses for its file sharing platform, informed Flagstar on January 22, 2021, that the platform had a vulnerability that was exploited by an unauthorized party. After Accellion informed us of the incident, Flagstar permanently discontinued use of this file sharing platform.

Unfortunately, we have learned that the unauthorized party was able to access some of Flagstar’s information on the Accellion platform and that we are one of numerous Accellion clients who were impacted.”

The hackers behind the attack sent a ransom note to Flagstar, demanding payment in Bitcoin, or the group would publish the data they had stolen. They also provided a screen shot displaying a small portion of the stolen data, and from this we can glean that the following information was exfiltrated:

• Bank employee information, including hire date and salary information
• Customer names
• Customer social security numbers
• Customer addresses and phone numbers
• Customer tax records

And the like.

Although the original zero-day Accellion security flaw has now been patched, since then, new vulnerabilities have been discovered and are being actively exploited. So unfortunately, Flagstar bank is almost certainly not going to be the last company to suffer a breach like this.

In any case, Flagstar has already begun the process of reaching out to their impacted customers. If you do business with the bank and were impacted, you’ve probably already received some form of communication. If not, call their support line or visit them on the web to find out if or whether you’ve been impacted.