US bank and mortgage lender Flagstar has disclosed a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January.
In December, threat actors affiliated with the Clop ransomware gang began exploiting vulnerabilities in Accellion FTA servers used by organizations to share sensitive data with people outside of their organization.
On Friday, Flagstar Bank issued a security disclosure on their website and began emailing customers about a breach of their Accellion FTA server.
“Accellion, a vendor that Flagstar uses for its file sharing platform, informed Flagstar on January 22, 2021, that the platform had a vulnerability that was exploited by an unauthorized party. After Accellion informed us of the incident, Flagstar permanently discontinued use of this file sharing platform.
“Unfortunately, we have learned that the unauthorized party was able to access some of Flagstar’s information on the Accellion platform and that we are one of numerous Accellion clients who were impacted,” Accellion warned in the security advisory.
When we contacted Flagstar Bank on Friday with questions about the data breach, the bank directed us to their already published advisory.
However, BleepingComputer has learned that Flagstar was breached not by the original December zero-day vulnerability, which they had patched, but by a new vulnerability used by threat actors in January.
After threat actors stole their data, BleepingComputer was told Flagstar received a ransom note demanding a bitcoin payment or the data would be released. Below is an example of a ransom note received by Accellion victims.
Ransom demands associated with Accellion attacks have ranged as high as $10 million in bitcoin.
Ransomware gang publishes stolen data
Flagstar used their Accellion FTA server to send and receive sensitive documents with their partners and customers.
Today, after Flagstar began notifying victims of the data breach, the Clop ransomware gang released screenshots of stolen data with a warning that it had stolen much more personal data.
The shared screenshots illustrate the types of sensitive customer and employee information stolen, including social security numbers, names, addresses, phone numbers, and tax data.
While the ransomware gang has only shared a number of screenshots of stolen data, as Flagstar is a bank and mortgage lender, it should be assumed that the threat actors stole further documents containing sensitive information.
Based on the numerous Accellion data leaks published by the Clop gang, it is clear that they are behind all of these attacks and will continue to publish stolen data as victims disclose their attacks.
Unfortunately, this means we will likely see further data breaches associated with Accellion FTA hacks soon.
Other victims associated with Accellion FTA attacks are Singtel, Bombardier, QIMR Berghofer, Washington’s State Auditor office, New Zealand Reserve Bank, NSW for Transport, Fugro, Jones Day, Danaher, and the ABS Group.