Flagstar Bank Data Breach Affects Over 1.5 Million Customers

Flagstar Bank, one of the largest residential mortgage servicers in the United States, is notifying 1.5 million clients of a data breach in which hackers obtained personal information during a cyberattack in December.

Flagstar Bank is a subsidiary of Flagstar Bancorp and financial services provider established in Michigan in 1987 with 150 operations across America and over $23.2 billion in assets.

Flagstar experienced a security problem in December 2021 when intruders infiltrated the bank's business network, according to data breach notifications sent to affected clients. Following an inquiry, the bank learned on June 2nd that the malicious actors gained access to sensitive client information such as complete names and social security numbers.

Once they discovered the incident, they immediately triggered their incident response strategy and reported the situation to federal law enforcement, the notice states. " We have no evidence that any of the information has been misused. Nevertheless, out of an abundance of caution, we want to make you aware of the incident." It reads.

Individuals impacted will receive two years of free identity monitoring and protection services from Flagstar.

According to information supplied to the Maine Attorney General's Office, the data breach affected 1,547,169 people in the United States. It is unknown why it took the bank nearly six months to identify the occurrence.

It is not the first time that Flagstar has been subjected to a data leak. The bank, along with other entities, was compromised of client information by the Clop ransomware gang in January 2021.

Cyber threats can never be eliminated, but they can be deterred more effectively than it is today. Having another copy of your data in different media or locations is definitely something companies are suggested to try. A full DR (Disaster Recovery) plan helps organizations respond to unanticipated situations such as natural disasters, power outages, cyber attacks, communication failures, and other disruptive events.

Vinchin Backup & Recovery is a virtual machine data protection solution providing a series of data backup, instant recovery, and offsite DR plan services for 11 mainstream virtualizations (VMware, XenServer, oVirt, etc.) across the manufacturing, financial sector, education, national institutions such as People's Bank of China and other industries.

How Vinchin Backup & Recovery Protects Data from Cyber Security Threats?

Vinchin Backup & Recovery employs strategies targeting cyber threats such as ransomware, cyber crime attempts, and data breach like the Flagstar incident.

Backup Storage Protection

Storage Protection can be activated while using Vinchin Backup & Recovery for VM backups to protect backup data in the backup repository. The real-time I/O monitor directly denies any data change request by unauthorized visitors, ensuring that only the Vinchin backup server has access to essential VM backups.

Archive to Cloud

You could archive data to AWS S3, Azure Blob Storage, Wasabi Hot Cloud Storage and MinIO Cloud the software supports as another preventive measure against ransomware attacks that can be used for either full VM recovery or instant restore to provide business resilience in a short period. And worth pointing out, that to ensure data security, data will be encrypted as it is transferred from backup storage to archive storage by enabling Encrypted Transmission. Even if the data are obtained illegally, their contents cannot be read.

Offsite Backup Copy

The offsite backup copy of the solution assists you in establishing your disaster recovery center. Vinchin Encrypted Backups will encrypt initial backup data with a bank-level algorithm, and subsequent offsite backup copies will be made based on the encrypted backups, ensuring the safety of your backups during the data transmission process. Even if both the local production environment and backup storage fail, offsite backup copies can be swiftly recovered to either a local or remote center for quick business restoration.

As cybercrime and security breaches become more complex, organizations must establish their data recovery and protection policies. The capacity to manage events rapidly can reduce downtime and minimize financial and reputational harm. DRPs also help firms meet compliance obligations while giving a clear path to data recovery.