Flagstar Bank is informing 1.5 million customers of a data breach wherein hackers acquired data. The cyberattack happened in December last year.
Flagstar, a Michigan-based financial services provider and one of the largest banks in the United States, has total assets valued at more than $30 billion.
The notification states that Flagstar was hit by a cyberattack in December 2021; The attackers broke into the bank’s corporate network.
After investigating the attack, the bank concluded that the threat actors had accessed customer details like full names and social security numbers.
“Upon learning of the incident, we promptly activated our incident response plan, engaged external cybersecurity professionals experienced in handling these types of incidents, and reported the matter to federal law enforcement,” explains the notice.
“We have no evidence that any of the information has been misused. Nevertheless, out of an abundance of caution, we want to make you aware of the incident.”
Affected customers will receive, for free, two years of identity monitoring and protection services by Flagstar.
Based on information submitted to the Office of the Maine Attorney General, the data breach affected 1,547,169 people in the United States.
Flagstar didn’t reveal any additional information regarding the attack when contacted by Bleeping Computer.