The personal information, including, of more than 1.5 million Flagstar Bank customers was compromised in a late last year, but the bank didn't start informing those affected until earlier this month after it completed its investigation.
The Michigan-based bank, which operates 150 branches and is one of the country's largest mortgage lenders, said in a disclosure to the state of Maine that its systems were hacked between Dec. 3 and 4 of last year. In a Thursday statement to CNET, Flagstar said that the intrusion was detected and contained right away, but that it held off disclosing the breach so it could investigate.
"Now that the extensive forensic investigation is complete, we are in the process of notifying individuals who may have been impacted directly via US mail," the company said.
The compromised information includes customer names or other identifiers in combination with Social Security number, which are considered to be one of a person's most critical pieces of personal information. If a person's Social Security number is stolen, it puts them at increased risk of , because the numbers are used to or loans, as well as to .
Flagstar said there's no evidence yet that the stolen customer information has been misused, but as a precaution it'll provide freefor two years to those affected.
In addition, cybersecurity experts recommend that peopleif they suspect that their SSN has been compromised. That will prevent cybercriminals from using it to open up new lines of credit in their name.