1.5 Million Customers Impacted By US Bank Data Breach – Possible Lessons Learned

Posted DateAugust 16, 2022
Posted Time 3   min Read

Cybercriminals pick their targets based on two main motives – maximum profit and maximum impact. With the highest penetration rates for digital banking and the increased adoption of digital transformation, banks perfectly meet these conditions and are disproportionately targeted by attackers.

Financial firms are 300 times more likely to experience cyberattacks than other firms according to Boston Consulting Group (BCG). Over the years, several data breaches have targeted banking and finance, putting their customers at risk.

One of America’s largest banks, Flagstar bank, recently confirmed a data breach that exposed the sensitive details of 1.5 million customers.

Flagstar Bank Was Hacked in December 2021, Affecting 1.5 Million Customers

Michigan-headquartered Flagstar Bank operates over 150 branches in several states, including California, Ohio, Wisconsin, and Indiana. The bank caters to enterprises and customers and generates annual revenue of more than $1.6bn, accounting for approximately $23.2 billion in assets. The bank describes itself as the country’s 6th largest bank mortgage originator.

Flagstar filed an official notice of data breach, sending a data breach letter to affected customers.

Data breach notification letter noted: 

After an extensive forensic investigation and manual document review, we discovered on June 2, 2022, that certain impacted files containing your personal information were accessed and/or acquired from our network between December 3, 2021, and December 4, 2021.”

After a thorough investigation, the bank concluded on June 2, 2022, that the attackers accessed customer details, including names and social security numbers. The bank mentioned no indication that the breached data had been sold, leaked, or misused. However, Flagstar didn’t disclose whether the security incident was due to an internal vulnerability or was a third-party breach.

The bank also promised to strengthen its security defenses by minimizing vulnerabilities to avoid similar incidents in the future.

Previous Security Incidents

This is not the first time the bank has been breached. The worst thing is the second data breach happened less than a year after a similar security incident affected the bank’s customers. In January 2021, Flagstar became one of the many victims of the Accellion File Transfer Appliance (FTA) data breach.

Accellion hack exploited vulnerabilities in their legacy FTA (File Transfer Appliance) and gained unauthorized access to corporate documents. The stolen data included customer phone numbers, addresses, tax records, and social security numbers.

Avoid Data Breaches with Data Privacy Recommendation

The recent spate of Flagstar data breaches has highlighted those breaches are ample; however, you need to understand that data breaches can be preventable. Here are some recommendations for financial organizations to enhance data privacy:

  • Identify and classify your sensitive data
  • Use data monitoring, identity, and access management to scale down the information accessibility
  • Identify malicious sites and known threats and block them immediately with a web application firewall, which aligns comprehensive security with real-time alerts.
  • Integrate the vulnerability assessment process with regular operations to identify and cements the gaps in your security process
  • Have a proper data disposal policy in place
  • Secure sensitive information through advanced technologies like data masking, encryption, tokenization, and more
  • Prepare for a security breach with a proper breach response plan

Lessons Learned 

The increasing number of recent data breaches reported by companies highlights that a data breach can’t be stopped with a single solution. Further data breaches can take multiple forms and can be caused due to a variety of reasons, including weak data security practices and improper data disposal processes. The relaxed attitude towards data security is no longer a viable option for any enterprise.

The constant increase in the number of data breach incidents and the damage they cause calls for investment in managed security service providers to design robust end-to-end security solutions.

Indusface has proven high-level expertise in application security solutions to protect your data, critical systems, and vulnerability access points.

Indusface Strengthens Data Security of Banks with WAF Implementation

Indusface enables banks and other financial services providers worldwide to defeat their toughest challenges and accelerate digital transformation while assuring compliance and security. Through threat intelligence and behavioral analytics, AppTrana WAF protects banks’ digital infrastructure by monitoring and filtering malicious traffic.

Spotting any suspicious behavior independently, this advanced WAF protects from threats such as Data breaches, DDoS assaults, API abuse, or any of the OWASP Top 10 risks.

Here is a review on Gartner by one of our customers:

AppTrana WAF: Safeguarding All SaaS Customers

With AppTrana, our customers gained seamless protection against application vulnerabilities while ensuring regulatory compliance, richer functionality, and better end-customer support.

Stay tuned for more relevant and interesting security articles. Follow Indusface on FacebookTwitter, and LinkedIn.

Fintech Banner

Vinugayathri - Senior Content Writer
Vinugayathri Chinnasamy

Vinugayathri is a content writer of Indusface. She has been an avid reader & writer in the tech domain since 2015. She has been a strategist and analyst of upcoming tech trends and their impact on the Cybersecurity, IoT and AI landscape. She is an upcoming content marketer simplifying technical anomalies for aspiring Entrepreneurs.

Share Article:

Join 47000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.