Morgan & Morgan’s industry leading data privacy attorneys are investigating Flagstar Bank (“ Flagstar”) for a data breach which was first announced publicly in October 8th, 2023. Flagstar contacted impacted individuals, stating that attackers have accessed their data via Fiserv, a company that the bank “uses for payment processing and mobile banking purposes.” Fiserv, like thousands of other companies, employed the MOVEit Transfer software.
“[…] the unauthorized activity in the MOVEit Transfer environment occurred between May 27th and 31st, 2023, which was before the existence of this vulnerability was publicly disclosed. During that time, unauthorized actors obtained our vendor files transferred via MOVEit. These files included Flagstar Bank and related institution customer information, including yours,” reads the breach notification.
According to information that Flagstar Bank provided to the Maine Attorney General, 837,390 individuals were impacted by the attack. As a result of the attack, threat actors may have accessed customer Social Security numbers (SSNs).
John Yanchunis of Morgan & Morgan has been appointed Lead Counsel in two pending cases arising from two other breaches involving Flagstar bank and is uniquely qualified to represent consumers with regards to this recent data breach.