Supply chain
[SC] Supply Chain
Flagstar Bank Third-Party Breach (October 2023)
Primary Source ↗Incident Details
Third Flagstar Bank data breach since 2021 affects 800,000 customers. Flagstar Bank is warning that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider. Flagstar, now owned by the New York Community Bank, is a Michigan-based financial services provider that, before its acquisition last year, was one of the largest banks in the United States, having total assets of over $31 billion. A data breach notification sent to impacted customers explains that Flagstar was indirectly impacted by Fiserv, a vendor it uses for payment processing and mobile banking services. Third-party company: Fiserv.
Technical Details
- Initial Attack Vector
- Compromise of third-party service provider / vendor relationship
- Vendor / Product
- Fiserv
- Supply Chain Attack
- ✅ Confirmed third-party / vendor compromise
Timeline
- 2023-10-01 Breach occurred
- 2023-10-08 Publicly disclosed