3 min read

Bank loses customers' social security numbers after ransomware attack

Graham CLULEY

March 24, 2021

Bank loses customers' social security numbers after ransomware attack
  • Clop ransomware gang exploited Accellion flaws to steal data
  • Customers angry that their details were breached, even after closing their accounts long ago.

Things don’t get much worse than having to admit to your employees that a gang of cybercriminals have broken into your infrastructure, stolen the private details (social security numbers, names and home addresses) of your staff, and are demanding that your company pays a ransom before further sensitive data is leaked.

Well, actually they do.

Because what if two weeks later the hacked bank (did I mention it was in the top 75 list of largest banks in the United States?) reveals that the cybercriminals have also managed to exfiltrate sensitive data related to your multiple customers?

As Vice reports, the attack by the Clop ransomware gang against the Flagstar Bank, headquartered in Michigan, became public knowledge earlier this month, after the bank published a statement on its website explaining that it was one of many corporations impacted by a breach related to using Accellion’s ageing FTA file-sharing appliance.

Flagstar Bank’s public acknowledgment of the breach may have spurred the hackers to up the ante, posting details on their website and contacting journalists in an attempt to apply pressure on their victim to pay up.

The names of 18 Flagstar Bank employees were made available on the website, alongside their alleged social security numbers, home addresses, and other personal private information.

However, things became even more serious when it became apparent that the hackers were contacting the bank’s customers, informing them of the breach.

This appears to have spurred Flagstar Bank into contacting affected customers to admit that their Social Security Numbers, home addresses, full names, phone numbers, and home addresses had also fallen into the hands of cybercriminals.

Affected members of the public were understandably less than happy.

As some affected individuals pointed out, they were not even current customers of the bank.

One woman told Vice that her personal information had been leaked even though she had closed her account more than a decade ago.

The Clop ransomware gang has been exploiting vulnerabilities in the Accellion FTA platform to steal hosted files from a wide array of organisations in recent months – with corporate victims including oil giant Shell, Qualys, NSW Transport Agency, aerospace firms, law firms, and advertising agencies.

Earlier this month, Accellion published a third-party security assessment of its FTA platform, detailing the zero-day vulnerabilities that had been found (and since patched), and describing the attacks as “[demonstrating] a high level of sophistication and deep familiarity with the inner workings of the Accellion FTA software, likely obtained through extensive reverse engineering of the software.”

In the case of Flagstar Bank, it is offering impacted individuals two-years worth of free credit monitoring and identity protection services, and warning customers to be wary of communications which may be sent to them by the criminals.

Of course, signing up with an identity protection service does mean sharing personal information with yet another online service – something you might feel shy about doing in the immediate aftermath of a data breach like this.

Affected bank customers might also be wise to keep a close eye on their account statements for suspicious activity.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read