Click for more special coverage
BleepingComputer reports that Michigan-based Flagstar Bank had personal data from 837,390 customers across the U.S. stolen after its third-party mobile banking and payment processing provider Fiserv was impacted by the widespread MOVEit hack by the Cl0p ransomware operation, which has already compromised more than 64 million individuals across 2,000 organizations around the world.
While sample notification letters had the compromised information redacted, Flagstar Bank customers were noted in a Maine data breach portal entry to have had their names and Social Security numbers stolen in the intrusion.
Such a third-party hack comes after two other cyberattacks since 2021, when Flagstar had customer and employee data, including names, phone numbers, addresses, SSNs, and tax records stolen following a Cl0p ransomware attack targeted at its Accellion file transfer server.
More than 1.5 million of the bank's customers across the U.S. also had their information, including names and SSNs, breached following an attack against its corporate network in June 2022.