- Earlier this month, the Michigan-based bank Flagstar disclosed that a security incident had occurred, following the hack by a group of ransomware attackers who exploited a bank vendor’s zero-day software vulnerability.
- Personal information, including social security numbers of customers, bank employees, and even people with tenuous connections to the bank, were accessed as part of this data breach. That’s according to letters and communications from the bank that angry social media users have been sharing on Twitter.
- The hackers exploited a flaw in the Fire Transfer Application software from Accellion that Flagstar was using to secure sensitive data.
- Even though it was a third party with lax security that was taken advantage of, banks still have a first-party obligation to make sure their customers’ data isn’t being handled carelessly.
– Andy Meek | March 23, 2021