Flagstar Bank suffers data breach as employee data posted online
Michigan-based Flagstar Bank has fallen victim to a data breach caused by a vulnerability in the Accellion file sharing service.
Criminals have reportedly posted the personal details of bank employees online following the breach.
Vice received emails from a group claiming responsibility for the cyberattack. The messages directed the publication to posts on the dark web featuring sensitive information.
The bank has issued a statement revealing it had been aware of a breach on 22 January. Accellion told the bank of its vulnerability, and Flagstar “permanently discontinued” its use of the software.
“Unfortunately, we have learned that the unauthorised party was able to access some of Flagstar’s information on the Accellion platform,” the bank writes.
“The Accellion platform was segmented from the rest of our network, and our core banking and mortgage systems were not affected.”
Accellion’s File Transfer Appliance (FTA), is an enterprise-grade platform for transferring large file sizes.
The zero-day vulnerability has affected a handful of other companies, including the Reserve Bank of New Zealand and the Australian Securities and Investments Commission (ASIC).
The bank has signed a deal with Kroll for the providence of credit monitoring services and identity theft restoration.