Flagstar Bank says hack impacted 1.5 million customers

Flagstar Bank in Troy, Michigan, was hit with a massive data breach last winter impacting over 1.5 million of its customers, the company reported.

In a disclosure Friday to the Office of the Maine Attorney General, the bank revealed that a two-day breach in early December affected 1,547,169 customers. The incident, only described as an “external system breach (hacking)”, occurred between Dec. 3 and 4, and an investigation with third-party forensic experts discovered on June 2 that Social Security numbers were acquired, according to the filing.

“For those impacted, we have no evidence that any of their information has been misused,” the firm said in a statement Tuesday. “Nevertheless, out of an abundance of caution we are offering complimentary credit monitoring services.”

Flagstar said it's providing impacted customers two years of complimentary Kroll credit monitoring services.

The lender closed $8.2 billion in mortgage loans during the first quarter of 2022, according to an earnings report, a decline of 40% from $13.8 billion from last year's first quarter and a 23% drop from the $10.7 billion closed over the last three months of 2021. Flagstar, in response to declining home loan volume, has cut approximately 20% of its mortgage staff since the beginning of the year. 

The company is also in the midst of a merger with New York Community Bank to become a national bank, a move over a year in the making with a deadline at the end of October.

The December hack at Flagstar is the latest in a series of data breach revelations this spring from mortgage firms, and the largest at a mortgage lender. Banks and non-banks have been hit with cyberattacks impacting hundreds of thousands, according to filings with various state attorneys general offices since January.

The biggest hack occurred at the servicers Lakeview Loan Servicing and Pingora Loan Servicing, subsidiaries of Florida-based Bayview Asset Management, which earlier this spring disclosed a cyberattack last fall affecting over 2 million of their customers. The servicers are facing a federal class action lawsuit from customers alleging the firms failed to protect their personally identifiable information. 

In addition to data breaches, the industry is also facing a monthly average of 1,431 fraud attempts in 2021. Wire or title fraud occurred in one of every three transactions over the first quarter of 2022, according to the fraud prevention software provider Funding Shield.

For reprint and licensing requests for this article, click here.
Fraud Cyber security Industry News
MORE FROM AMERICAN BANKER