March 8, 2021: Notice of a Flagstar Bank Privacy Incident

Customers whose mortgage servicing transferred to Flagstar Bank may have received the notice shown below – sent from Flagstar Bank – advising of a privacy incident pertaining to their file sharing platform, Accellion. 


If Flagstar Bank determines customers have information that was compromised, they will send a written notice and offer free credit monitoring.


Advise customers requesting additional information about this notice to contact the Flagstar Bank Incident Response Line – designated to respond to this incident – by calling toll-free (855) 907-0446 (details shown below).


An updated newsflash and more information will be provided as additional details are learned about this incident.  


A copy of the notice customers may receive from Flagstar Bank is shown below.


Accellion, a vendor that Flagstar uses for its file sharing platform, informed Flagstar on January 22, 2021 that the platform had a vulnerability that was exploited by an unauthorized party.  After Accellion informed us of the incident, we permanently discontinued use of this file sharing platform. 


Unfortunately, we have learned that the unauthorized party was able to access some of Flagstar’s information on the Accellion platform – and that we are one of numerous Accellion clients who were impacted.
 
We acted immediately to contain the threat and have engaged a team of third-party forensic experts to investigate and determine the full scope of this incident.  We are working expeditiously with our internal and external teams to determine what data may have been accessed.

The security of our customer’s information is central to our business values. If we determine your personal information was impacted, we will contact you directly via U.S. Mail and, out of an abundance of caution, provide instructions to sign up for free credit monitoring services.

Flagstar has been and remains fully operational and other parts of our IT infrastructure outside of the Accellion platform were not impacted. Importantly, the Accellion platform was segmented from the rest of our network, and our core banking and mortgage systems were not affected.
 
Visit flagstar.com/protect at any time for ways you can protect yourself, including reviewing accounts, checking your credit report and additional best practices to keep your data secure.  If you have questions about the incident, you can call our dedicated team at (855) 907-0446, Monday – Friday 9 a.m. to 6:30 p.m. and this Saturday – Sunday 9 a.m. to 6:30 p.m., or email us at protect@flagstar.com.


Sincerely,
Zahira Gonzalvo
Chief Information Security and Privacy Officer