
Flagstar agrees to $31.5 million data breach settlement – National Mortgage News

Flagstar Bank has agreed to a $31.5 million settlement to resolve two class action lawsuits stemming from data breaches which impacted over 2 million consumers.
The agreement, pending a Michigan federal judge’s approval, will create the fund for approximately 2,187,170 class members, according to case filings in October. The bank suffered two distinct cyberattacks in 2021, including one in which it paid a $1 million ransom to hackers. 
The deal could end prolonged litigation for the $91.7 billion-asset depository, which is remaking itself after moderate financial struggles. Once a sizable bank player in the mortgage space, the company also sold its servicing and third-party origination operations to Mr. Cooper in November 2024.
The settlement, which would be among the largest by a mortgage lender in recent years, amounts to $14.40 per person, according to plaintiffs. The sum is a “more than adequate outcome,” wrote counsel for plaintiffs. While various class members would be entitled to different sums, attorneys will request $10.5 million, or a third of the proposed settlement. 
Neither attorneys for the parties nor spokespersons for Flagstar returned requests for comment Monday. The prospective deal also doesn’t relate to yet another incident the bank suffered in 2023 via a breach at Fiserv, which affected 837,390 of the bank’s customers.

The first major data breach occurred because the lender stuck with aging software rather than migrating to a modern, more secure version, plaintiffs allege.
The bank used Accellion’s File Transfer Appliance, software that allows the sharing of files that exceed email limits, to share sensitive data including mortgage application information. Accellion rolled out a newer application in 2014, and warned customers it would stop issuing security updates for FTA in November 2020.
Flagstar was one of 300 holdouts not to make the switch, and one of around 25 FTA users to suffer a significant data theft, plaintiffs said. Once FTA stopped receiving security updates, hackers attacked the platform, and eventually breached Flagstar sometime in January 2021. In March, cybercriminals posted 80 gigabytes of company data on the dark web, where it remained visible as of last year.
Fewer details are known about the second attack, in which hackers infiltrated the company’s network between November and December 2021. According to the Securities and Exchange Commission, which fined the bank over its misleading disclosures, cybercriminals disrupted mortgage originations and encrypted around 30% of Flagstar’s workstations and servers.
Former Flagstar CEO Alessandro DiNello and a team including a negotiator paid the perpetrators a $1 million bitcoin ransom on Dec. 31, 2021 to access and delete compromised data, according to case filings. 

Twenty-two named plaintiffs, who allege various grievances stemming from their data being stolen, are eligible for awards of up to $2,500 each, according to the terms of the proposed settlement. 
Class members who do not opt out of the settlement can receive up to $25,000 in reimbursement for monetary losses if they can provide documentation. Victims will also receive three years of credit monitoring services, while 364,000 members who were California residents at the time of the incidents are also eligible to receive $100.
The settlement fund, which covers $500,000 of reimbursement to attorneys for litigation costs, also sets aside funds to pay for administrative costs such as distributing notices and claims. Should there be funds left over, class members are eligible to receive residual cash payouts of up to $599.

The sides began negotiating a settlement in April, before accepting a mediator’s proposal to resolve the case in August. A federal judge has yet to rule on the motion for preliminary approval, which would kick off a series of deadlines including notices sent out 60 days after the ruling. 
The bank hasn’t been profitable since the third quarter of 2023 and posted a $45 million net loss in the recent period. Company leaders last month said they’re moving in the right direction, such as reducing Flagstar’s exposure to previously troublesome multifamily loans, but weren’t firm on promising a return to profitability soon.
“Flagstar’s financial condition … was an additional factor in proposed class counsel’s analysis in concluding that the settlement was fair, reasonable, and adequate, and in the best interests of the class to resolve the case at this time,” wrote the interim co-lead attorneys for plaintiffs.
This article was autogenerated from a news feed from CDO TIMES selected high quality news and research sources. There was no editorial review conducted beyond that by CDO TIMES staff.
