
Data breaches are all too common these days, but this class action brings suit for a data breach involving banking entities—Flagstar Bancorp, Inc. and Flagstar Bank, FSB. Banking entities keep highly sensitive personally identifiable information (PII) in their systems. The complaint for this class action alleges, “Flagstar failed to invest in adequate data security, thereby allowing hackers to exfiltrate the highly-sensitive personal and financial information of approximately 1.5 million individuals.”
The class for this action is all persons in the US whose PII was accessed in the data breach.
The complaint quotes Flagstar’s website as saying that the bank has “firewalls and prevention systems that stop unauthorized access to our network and computers, plus secure network protocols that ensure secure connections between our offices, partners, and customers[.]” Despite these promises, Flagstar did not take adequate measures to safeguard the information it held in its systems, the complaint alleges.
The data breach took place between December 3 and 4, 2021, when unauthorized parties were able to enter Flagstar’s systems and access the information stored there. Unfortunately, the complaint alleges that Flagstar did not inform the individual victims whose information was stolen until about June 17, 2022—a time that the complaint claims was “more than two weeks after Flagstar claims to have realized that the Data Breach occurred, and more than six months after” the information was stolen.
The plaintiff in this case, Michael Perkaj, opened an account at Flagstar many years ago, possibly around 2010, the complaint alleges, and closed the account around ten years ago. Since closing it, the complaint claims, he has not had an account or any other business relationship with Flagstar. Nevertheless, his information was among that stolen in the data breach.
Flagstar’s notice informed him that his name, phone number, and Social Security number had been disclosed in the data breach, the complaint says.
According to the complaint, Flagstar discovered the data breach at some point before June 2, 2022. The complaint quotes Flagstar’s notice said that the bank had “activated [its] incident response plan, engaged external cybersecurity professionals experienced in handling these types of incidents, and reported the matter to federal law enforcement[.]” Even after Flagstar detected and acknowledged the data breach, the complaint claims, it did not reveal the length of time during which the cybercriminals had access to the PII or the full extent of information compromised in the data breach.
Flagstar has offered the victims of the data breach two years’ worth of identity monitoring services.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
Flagstar Bank Exposure of Current and Former Customer PII Complaint
July 11, 2022
Data breaches are all too common these days, but this class action brings suit for a data breach involving banking entities—Flagstar Bancorp, Inc. and Flagstar Bank, FSB. Banking entities keep highly sensitive personally identifiable information (PII) in their systems. The complaint for this class action alleges, “Flagstar failed to invest in adequate data security, thereby allowing hackers to exfiltrate the highly-sensitive personal and financial information of approximately 1.5 million individuals.”
Flagstar Bank Exposure of Current and Former Customer PII ComplaintCase Event History
Flagstar Bank Exposure of Current and Former Customer PII Complaint
July 11, 2022
Data breaches are all too common these days, but this class action brings suit for a data breach involving banking entities—Flagstar Bancorp, Inc. and Flagstar Bank, FSB. Banking entities keep highly sensitive personally identifiable information (PII) in their systems. The complaint for this class action alleges, “Flagstar failed to invest in adequate data security, thereby allowing hackers to exfiltrate the highly-sensitive personal and financial information of approximately 1.5 million individuals.”
Flagstar Bank Exposure of Current and Former Customer PII Complaint