We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Flagstar Bank Breach Exposes 837,000 Customers’ Data

Flagstar Bank Breach Exposes 837,000 Customers’ Data
Author Image Keira Waddell
Keira Waddell Published on 11th October 2023 Former Senior Writer

Flagstar Bank, a prominent American financial institution, has fallen victim to a data breach, exposing the personal information of more than 800,000 of its US customers. This marks the third data breach incident for the bank in just over two years. According to Maine’s data breach portal, the stolen data includes sensitive information, such as customer names and Social Security numbers.

Flagstar Bank, headquartered in Troy, Michigan, and a wholly owned subsidiary of New York Community Bank, is a significant player in the US residential mortgage servicing industry. The breach, however, did not directly target Flagstar Bank itself. Instead, it originated from a breach at a third-party service provider, Fiserv, which offers payment processing and mobile banking services to the bank. Fiserv was a victim of the large-scale MOVEit campaign orchestrated by the Russia-linked ransomware group known as Cl0p.

According to the bank’s breach notification sent to affected customers, the unauthorized activity occurred between May 27 and May 31, 2023. During this period, threat actors accessed files transferred via Fiserv’s MOVEit software, including customer data belonging to Flagstar Bank and related institutions.

The bank emphasized that the MOVEit flaw did not compromise any of its own systems and did not affect its ability to provide services to its customers. Nevertheless, the breach underscores that even third-party service providers and their vulnerabilities can directly impact client organizations and their customers.

Flagstar Bank has taken steps to address the breach’s impact on its customers. They have offered affected individuals complimentary identity monitoring services and have advised them to remain vigilant and closely monitor their credit history.

This significant breach serves as a reminder of the ongoing threats faced by organizations in the financial sector, and the need for robust cybersecurity measures to stop sensitive customer data from falling into the wrong hands.

About the Author

Keira was a senior writer at vpnMentor. She is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.

Please, comment on how to improve this article. Your feedback matters!

Leave a comment

Sorry, links are not allowed in this field!

Name should contain at least 3 letters

The field content should not exceed 80 letters

Sorry, links are not allowed in this field!

Please enter a valid email address