This class action brings suit against Flagstar Bancorp, Inc. and Flagstar Bank, FSB, alleging they bear responsibility for the data breach the Flagstar network suffered. The complaint alleges that the cyberattack occurred between December 3 and 4, 2021, but that Flagstar discovered it only on June 2, 2022—approximately six months later.
The Nationwide Class for this action is all natural persons living in the US whose personally identifiable information (PII) was compromised in the data breach initially discovered by Flagstar on or around June 2, 2022. A California Subclass has also been defined for those who live or have lived in California whose PII was compromised in the data breach.
Exposed in the data breach was the PII of more than a million and a half individuals, including names, Social Security numbers, account or loan numbers, and financial institution information. Flagstar did not send out the Notice of Data Breach Letter until June 17, 2022.
The complaint claims that Flagstar’s Privacy Policy promised that, to “protect your personal information from unauthorized access and use, we use security measures that comply with federal law. These measures include computer safeguards and secured files and buildings.”
However, the complaint alleges that Flagstar “maintained the Private Information in a reckless and negligent manner. In particular, the Private Information was maintained on [Flagstar’s] computer network in a condition vulnerable to cyberattacks of this type.”
“On information and belief,” the complaint also alleges, the Flagstar entities did not encrypt the PII they stored, which the complaint claims is “evidenced by the fact that hackers were able to steal the Private Information in a useable form.”
The complaint further claims that the cyberattack was a known foreseeable risk for Flagstar, but that Flagstar and its employees or agents did not adequately monitor the computer network and systems that held the private information. If Flagstar had done this, the complaint claims, it would have found ways to prevent the data breach or would have discovered it sooner.
This class action has been brought by two plaintiffs. One, Dana Robbins, has already suffered adverse consequences from the theft of her information, the complaint alleges: “As a result of the Data Breach, [Robbins] has been the victim of false debit card charges and had to obtain a new debit card. Put simply, [Robbins’s] debit card and associated accounts have been compromised due to [Flagstar’s] negligence.”
That was not the only criminal exploitation of her information: “As a result of the Data Breach, [Robbins] was informed that an individual filed a false unemployment claim on her behalf.”
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Flagstar Bank Data Breach Complaint
June 24, 2022
This class action brings suit against Flagstar Bancorp, Inc. and Flagstar Bank, FSB, alleging they bear responsibility for the data breach the Flagstar network suffered. The complaint alleges that the cyberattack occurred between December 3 and 4, 2021, but that Flagstar discovered it only on June 2, 2022—approximately six months later.
Flagstar Bank Data Breach ComplaintCase Event History
Flagstar Bank Data Breach Complaint
June 24, 2022
This class action brings suit against Flagstar Bancorp, Inc. and Flagstar Bank, FSB, alleging they bear responsibility for the data breach the Flagstar network suffered. The complaint alleges that the cyberattack occurred between December 3 and 4, 2021, but that Flagstar discovered it only on June 2, 2022—approximately six months later.
Flagstar Bank Data Breach Complaint