Customers of Troy-based Flagstar Bancorp. are among those impacted by what appears to be a damaging cybersecurity breach of a Silicon Valley file-sharing firm.
As a result of the potential breach of customer information, the bank says it will offer those impacted a free two-year membership in credit monitoring and identity theft protection services.
Flagstar Bank, among the largest lenders headquartered in Michigan, announced on March 5 that it was informed in late January by vendor Accellion Inc. that the latter company had been breached.
“After Accellion informed us of the incident, Flagstar permanently discontinued use of this file sharing platform. Unfortunately, we have learned that the unauthorized party was able to access some of Flagstar’s information on the Accellion platform and that we are one of numerous Accellion clients who were impacted,” the bank wrote in a statement on its website.
“Upon discovery, we acted immediately to contain the threat and engaged a team of third-party forensic experts to investigate and determine the full scope of this incident,” the statement continued. “After a thorough, diligent review of the data, we are now in the process of notifying impacted customers directly via U.S. Mail.”
It’s unclear how many customers of the bank may have been impacted.
A published report earlier this month in Vice reported that hackers had posted a multitude of personal information — names, social security numbers, and home addresses — of Flagstar employees in a purported extortion attempt.
A spokesperson for Flagstar Bank declined to specific questions from Crain’s on Wednesday evening.
The hack at the end of this year appears to have impacted a host of Accelion clients, including the central bank of New Zealand, Harvard Business School, and Jones Day, a major U.S. law firm, according to The Associated Press.