Flagstar Bank is notifying customers that a data breach targeting a third-party vendor has resulted in the exposure of personal customer information. Flagstar uses the vendor in question, Fiserv, for transaction processing and mobile banking services. The notice sent out on Friday states that Fiserv is one of the many organisations impacted by the headlining mass MOVEit file transfer hack.
Prior to its 2022 acquisition by New York Community Bank, Flagstar previously had assets of over $31 billion as one of the largest banks in the United States. The bank is now contacting over 800,000 customers to alert them of the breach impacting the third-party vendor, Fiserv. This is the third breach Flagstar has suffered since 2021.
“The incident involved vulnerabilities discovered in MOVEit Transfer, a file transfer software used by our vendor to support services it provides to Flagstar and its related institutions,” reads the consumer notification letter.