Flagstar bank — a financial institution based in Michigan has been hacked. More than 800,000 of their customers have had their personal information stolen by the hackers. The bank notified customers about the hack via a message. The hack targeted Fiserv, which is a third-party payment processor the bank uses for mobile banking via a zero-day vulnerability in the MOVEit Transfer system. Fiserv offers their services to hundreds of banks. Social security numbers and names were among the data stolen.
Flagstar was also affected by a breach in June 2022 that affected 1.5 million of their customers. Data stolen in that hack included social security numbers and the customers’ names. There was another hack in March 2021 on the company’s Accellion file transfer server.
A zero-day vulnerability is a security vulnerability in software that was unknown to its developers and has not yet been patched.
