Do you have an account with Flagstar Bank?

As one of the largest banks in the United States, it's quite possible that you do.

If so, be aware that the company recently issued a breach disclosure notification relating to a security incident that occurred in December of 2021 when unknown attackers breached the company's network.

 

Flagstar's notification says:

"...Upon learning of the incident, we promptly activated our incident response plan, engaged external cybersecurity professionals experienced in handling these types of incidents, and reported the matter to federal law enforcement. 

We have no evidence that any of the information has been misused. Nevertheless, out of an abundance of caution, we want to make you aware of the incident."

 

Not the best response to a breach

The company also announced that they would be offering two free years of identity monitoring services to impacted individuals.

That's good because, based on information that Flagstar submitted to the Maine Attorney General's office, there are a lot of impacted individuals. More than a million and a half, in fact.

While there's nothing outwardly wrong with the breach notification that the company sent out, there are two key pieces of information that are conspicuously absent.

First, there's no explanation as to why it took the company half a year to realize that the breach had occurred.

Second, the notification gives no information about exactly what types of information the attackers made off with. Is it enough for a hacker to steal one's identity? Based on Flagstar's offer of identity monitoring protection, that would seem to be the case. However, no particulars are provided, so we are left to guess.

 

My perspective

In our view, this could have been handled better.  Here's hoping that Flagstar is more forthcoming in the days ahead.

 

Yet another bank CEO saying:
"Well, here's another nice mess you've gotten me into"

 


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support
