Social Security Numbers Stolen in Flagstar Bank Data Breach

The personal information of 1.5 million customers was affected by the hacking of the bank's systems.

Bree Fowler Senior Writer
Bree Fowler writes about cybersecurity and digital privacy. Before joining CNET she reported for The Associated Press and Consumer Reports. A Michigan native, she's a long-suffering Detroit sports fan, world traveler, wannabe runner and champion baker of over-the-top birthday cakes and all-things sourdough.
Expertise cybersecurity, digital privacy, IoT, consumer tech, smartphones, wearables
Bree Fowler
2 min read
Flagstar bank logo with red background and white letters

Those affected will get free identity theft monitoring for two years.

James Martin/CNET

The personal information, including Social Security numbers, of more than 1.5 million Flagstar Bank customers was compromised in a data breach late last year, but the bank didn't start informing those affected until earlier this month after it completed its investigation.

The Michigan-based bank, which operates 150 branches and is one of the country's largest mortgage lenders, said in a disclosure to the state of Maine that its systems were hacked between Dec. 3 and 4 of last year. In a Thursday statement to CNET, Flagstar said that the intrusion was detected and contained right away, but that it held off disclosing the breach so it could investigate.

"Now that the extensive forensic investigation is complete, we are in the process of notifying individuals who may have been impacted directly via US mail," the company said.

The compromised information includes customer names or other identifiers in combination with Social Security number, which are considered to be one of a person's most critical pieces of personal information. If a person's Social Security number is stolen, it puts them at increased risk of identity theft, because the numbers are used to apply for credit cards or loans, as well as to file tax returns.

Flagstar said there's no evidence yet that the stolen customer information has been misused, but as a precaution it'll provide free identity theft monitoring for two years to those affected. 

In addition, cybersecurity experts recommend that people freeze their credit if they suspect that their SSN has been compromised. That will prevent cybercriminals from using it to open up new lines of credit in their name.