Skip to main content

A United States Bank Hit By Ransomware And Data Breach

By March 15, 2021May 5th, 2022Cybersecurity

A few months ago, it became widely known that there was a critical security vulnerability in Accellion FTA servers. Naturally, hackers wasted no time exploiting the vulnerability, and since then, we’ve seen a few instances of high-profile data breaches traced back to that very vulnerability. Flagstar bank is the latest such victim. Recently, the company disclosed that their network had been breached and that a range of customer data had been exposed.

The company’s formal statement on the matter reads in part as follows:

Accellion, a vendor that Flagstar uses for its file sharing platform, informed Flagstar on January 22, 2021, that the platform had a vulnerability that was exploited by an unauthorized party. After Accellion informed us of the incident, Flagstar permanently discontinued use of this file sharing platform.

Unfortunately, we have learned that the unauthorized party was able to access some of Flagstar’s information on the Accellion platform and that we are one of numerous Accellion clients who were impacted.”

The hackers behind the attack sent a ransom note to Flagstar, demanding payment in Bitcoin, or the group would publish the data they had stolen. They also provided a screen shot displaying a small portion of the stolen data, and from this we can glean that the following information was exfiltrated:

  • Bank employee information, including hire date and salary information
  • Customer names
  • Customer social security numbers
  • Customer addresses and phone numbers
  • Customer tax records

And the like.

Although the original zero-day Accellion security flaw has now been patched, since then, new vulnerabilities have been discovered and are being actively exploited. So unfortunately, Flagstar bank is almost certainly not going to be the last company to suffer a breach like this.

In any case, Flagstar has already begun the process of reaching out to their impacted customers. If you do business with the bank and were impacted, you’ve probably already received some form of communication. If not, call their support line or visit them on the web to find out if or whether you’ve been impacted.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.