Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Flagstar Bank customers had their sensitive personal information exposed to criminals in a data breach involving an “obsolete” file transfer product it used, a new lawsuit alleges.
In a nationwide class action complaint filed Tuesday in the Northern District of California, Plaintiff Grace Beyer alleges Flagstar and its former file transfer service provider Accellion were negligent in handling customer data, resulting in a “massive” data breach.
If you were affected by a data breach, you might be eligible to join or file a class action lawsuit. Lawyers are currently investigating recent data breaches nationwide and the impact that they’ve had on Americans.
Beyer said the breach exposed customer names, phone numbers, addresses, Social Security numbers, tax records, and other banking information.
“As a result of Defendants’ conduct and the resulting data breach, Plaintiff’s and Class members’ privacy has been invaded, their personal information is now in the hands of criminals, they have and they have either suffered fraud or identity theft, or face a substantial risk of identity theft and fraud,” the lawsuit states.
Beyer, a resident of California, said she routinely banks with Flagstar and had provided personal information to the bank. On March 15 this year, she received a letter about the data breach, saying her social security number, first name, last name, account number and address had been revealed.
“As a result of learning that she was impacted by the Data Breach, [Beyer] has spent at least 24 hours looking through and monitoring her accounts for fraud, setting up credit monitoring, and taking other measures in the fallout of the Data Breach to prevent fraud and identity theft,” the lawsuit states.
Flagstar was using Accellion for its file transfer services, according to the class action lawsuit, but the Accellion product was “a 20-year-old, obsolete,” software ending the near of its life at the time of the data breach.
The lawsuit says a hacker took advantage of a vulnerability in the Accellion file transfer system and accessed Flagstar customer data, as well as data from Accellion’s other clients’ systems.
Beyer alleges the bank and the software company should have known the file transfer appliance (FTA) and the data it stored was at risk.
“Defendants were well aware of the data security shortcomings in Accellion’s FTA product. Nevertheless, Defendants continued to use FTA, putting Flagstar’s customers at risk of being impacted by a breach,” the lawsuit states.
Beyer is suing both Flagstar and Accellion under federal law for negligence and invasion of privacy, and under California state law for violating the Consumer Privacy Act, Customer Records Act and Unfair Competition Law.
She’s also suing Flagstar alone for breach of implied contract and under the California Consumers Legal Remedies Act.
Beyer seeks to represent all United States residents whose personal information was compromised in the Dec. 2020 – Jan. 2021 Accellion data breach, as well as a California subclass.
She is asking a judge for certification of the Class, damages, interest, attorney’s fees and costs and a jury trial.
Meanwhile, several banks including Flagstar are being investigated for unfairly charging non-sufficient fund fees. To read more on Flagstar’s policies and your rights, click here.
Do you think the bank should have taken greater precautions with their customers’ data? Let us know in the comments!
The plaintiffs are represented by Andrew W. Ferich, Tina Wolfson, Robert Ahdoot and Theodore Maya of Ahdoot & Wolfson, PC.
The Flagstar Data Breach Class Action Lawsuit is Grace Beyer et al, v. Flagstar Bancorp, Inc. and Accellion, Inc., Case No. 5:21-cv-02239, in the United States District Court for the Northern District of California.
Read About More Class Action Lawsuits & Class Action Settlements:
47 thoughts onFlagstar Used ‘Obsolete’ Product, Allowing Data Breach, Class Action Lawsuit Claims
Add me please. I have them for my mortgage and received a letter.
I had flagstar finance my vehicle
I received the letter also.
For more than ten years, I have had Flagstar accounts. I also received the letter. My husband and children also have Flagstar accounts and received the letter. Please include us. Thank you.
I received the breach letter from Flagstar as well.
i have a mortgage for several years- got the letter the day after i received the duplicate letter from Wells Fargo.
I have a Flagstar mortgage and believe I was breached.
My mother has a HELOC and check acct with Flagstar and received this letter. Anything we should do?
Please issue cash settlement.
My late grandmother was a customer of Flagstar and I recently received a letter about data breach but wasn’t sure where it was from.