Supply chain [SC] Supply Chain

Flagstar Bank Third-Party Breach (October 2023)

2023-10-01 [vendor] Fiserv
Primary Source ↗

Incident Details

Third Flagstar Bank data breach since 2021 affects 800,000 customers. Flagstar Bank is warning that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider. Flagstar, now owned by the New York Community Bank, is a Michigan-based financial services provider that, before its acquisition last year, was one of the largest banks in the United States, having total assets of over $31 billion. A data breach notification sent to impacted customers explains that Flagstar was indirectly impacted by Fiserv, a vendor it uses for payment processing and mobile banking services. Third-party company: Fiserv.

Technical Details

Initial Attack Vector
Compromise of third-party service provider / vendor relationship
Vendor / Product
Fiserv
Supply Chain Attack
✅ Confirmed third-party / vendor compromise

Timeline

  1. 2023-10-01 Breach occurred
  2. 2023-10-08 Publicly disclosed