Flagstar Bank

Flagstar Bank, a New York-based mortgage lender, faced severe financial and reputational repercussions due to two major data breaches in 2021 and 2022, which exposed the personal information of millions of customers. The fallout included a $31.5 million settlement in multiple class-action lawsuits filed by affected former customers, alongside an additional $3.5 million fine imposed by the SEC for misleading public statements regarding the breaches. The incidents not only led to substantial monetary losses but also eroded trust among customers and regulators. The breaches occurred before Flagstar sold its mortgage servicing business to Mr. Cooper in 2024, yet the legacy of the attacks continues to impact its standing in the financial sector. The exposed data likely included sensitive personal and financial details, amplifying the severity of the breach and its long-term consequences for both the company and its clients.

Source: https://www.rismedia.com/2025/11/07/mortgage-mix-flagstar-agrees-pay-31-point-5-million-class-action/

Flagstar Bank cybersecurity rating report: https://www.rankiteo.com/company/flagstar-bank

"id": "fla3192831110725",
"linkid": "flagstar-bank",
"type": "Breach",
"date": "6/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Millions',
                        'industry': 'Financial Services',
                        'location': 'New York, USA',
                        'name': 'Flagstar Bank',
                        'type': 'Mortgage Lender'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': 'Millions',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Personal information'},
 'description': 'Flagstar Bank agreed to a $31.5 million settlement in '
                'class-action lawsuits and paid $3.5 million to the SEC for '
                'misleading statements related to two data breaches that '
                'exposed the personal information of millions of customers in '
                '2021 and 2022. The breaches led to regulatory scrutiny and '
                'financial penalties.',
 'impact': {'brand_reputation_impact': 'Negative (regulatory penalties and '
                                       'public disclosure)',
            'customer_complaints': 'Class-action lawsuits filed by former '
                                   'customers',
            'data_compromised': 'Personal information of millions of customers',
            'financial_loss': '$35 million (settlements + SEC fine)',
            'identity_theft_risk': 'High (personal information exposed)',
            'legal_liabilities': '$31.5 million (class-action settlements) + '
                                 '$3.5 million (SEC fine)'},
 'investigation_status': 'Settled (class-action and SEC)',
 'references': [{'source': 'RISMedia - The Mortgage Mix'}],
 'regulatory_compliance': {'fines_imposed': '$3.5 million (SEC)',
                           'legal_actions': 'Class-action lawsuits (settled '
                                            'for $31.5 million)',
                           'regulations_violated': ['SEC disclosure rules']},
 'title': 'Flagstar Bank Data Breaches (2021-2022) and Regulatory Settlements',
 'type': ['Data Breach', 'Regulatory Violation']}

Flagstar Bank

Tangoe US Inc.: Tangoe Data Breach Class Action Settlement

MetroWest Community Federal Credit Union, Lynch Carpenter and LLP: MetroWest Community Federal Credit Union Data Breach Claims Investigated by Lynch Carpenter

CGI Sverige: Sweden probes reported leak of e-government platform source code