fbpx

Flagstar Data Compromised by Accellion Data Breach Class Action

Accellion, Inc. is a cloud computing company that handles the data of other companies. The complaint for this class action brings suit against Accellion and Flagstar Bancorp, which does business as Flagstar Bank, alleging that the Accellion data breach compromised the information of Flagstar customers.

The class for this action is all residents of the US whose PII was compromised in the data breach involving Accellion’s FTA product that took place in December 2020 and January 2021. The complaint also proposes Missouri and Flagstar Subclasses.

Accellion offers a physical device called File Transfer Appliance (FTA) that companies can install in their server rooms and use to share secure, encrypted files. The complaint quotes Accellion’s website as saying that it “[g]ive[s] users a simple, secure, private way to share confidential information” and “upload sensitive content in compliance.”

The company also claims to have a firewall that “prevents data breaches and compliance violations from third party cyber risk… When employees click the Accellion button, they know it’s the safe, secure way to share sensitive information with the outside world.”

The FTA product was released in 2005, however, and by 2020, it was considered to be outdated, although Accellion continued to market and use it. The complaint alleges that “the company has been encouraging users to discontinue their use of FTA.”

It quotes an Accellion official as citing previous attacks of the software and saying, “We have encouraged all FTA customers to migrate to kiteworks for the last three years and have accelerated our FTA end-of-life plans in light of these attacks. We remain committed to assisting our FTA customers, but strongly urge them to migrate to kiteworks as soon as possible.”

In December 2020, a customer told Accellion of an alarm it had received from an anomaly detector. Accellion became aware of a security flaw in the FTA that it did not have a patch to fix. The company then found two vulnerabilities that might allow hackers entry. The complaint alleges, “Together, these two vulnerabilities enabled attackers to exploit and obtain PII from FTA devices, seizing data from up to 300 of the company’s clients, including corporations, law firms, banks, universities, and other entities.”

An article described the data breach this way: The adversary exploited [the FTA’s] vulnerabilities to install a hitherto unseen Web shell named DEWMODE on the Accellion FTA app and used it to exfiltrate data from victim networks.”

Although Accellion released patches on December 20 and 24, there seem to have been delays in applying the patches. The complaint alleges that the attacks took place between mid-December 2020 and January 2021. The cyber criminals used the time to begin extorting Accellion’s clients.

Flagstar was one of Accellion’s clients. The complaint describes it as “one of the largest bank mortgage originators nationally and the second largest savings bank in the country.” On March 5, 2021, Flagstar was able to confirm that the PII of certain customers had been compromised.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

Flagstar Data Compromised by Accellion Data Breach Complaint

April 8, 2021

Accellion, Inc. is a cloud computing company that handles the data of other companies. The complaint for this class action brings suit against Accellion and Flagstar Bancorp, which does business as Flagstar Bank, alleging that the Accellion data breach compromised the information of Flagstar customers.

Flagstar Data Compromised by Accellion Data Breach Complaint

Case Event History

Flagstar Data Compromised by Accellion Data Breach Complaint

April 8, 2021

Accellion, Inc. is a cloud computing company that handles the data of other companies. The complaint for this class action brings suit against Accellion and Flagstar Bancorp, which does business as Flagstar Bank, alleging that the Accellion data breach compromised the information of Flagstar customers.

Flagstar Data Compromised by Accellion Data Breach Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy