US-based bank and mortgage lender Flagstar bank has disclosed that they suffered a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January of this year. In December, cybercriminals affiliated with the Clop ransomware gang began exploiting vulnerabilities in Accellion FTA used by organizations to share sensitive files with people outside of their organization. On Friday of last week, Flagstar bank issued a security disclosure on their website and started notifying customers about the security incident. Accellion informed Flagstar of the incident on January 22, 2021, that their platform had a vulnerability and of the breach. Flagstar permanently discontinued the use of the file-sharing system after being informed of the issue. “Unfortunately, we have learned that the unauthorized party was able to access some of Flagstar’s information on the Accellion platform and that we are one of the numerous Accellion clients who were impacted,” Accellion warned in the security advisory. Researchers found that the threat group who stole Flagstar’s information from Accellion FTA was not using the December zero-day vulnerability, which had been patched, but rather used a new vulnerability that was discovered in January. After the data was stolen, Flagstar received a ransom note demanding payment in bitcoin or the data would be released to the public. After Flagstar began notifying victims of the data breach, the Clop ransomware gang released screenshots of stolen data with a warning that they had stolen more personal data. The shared screenshots illustrate the types of sensitive customer and employee information stolen, including social security numbers, names, addresses, phone numbers, and tax records.
When evaluating a Managed Detection & Response (MDR) service there are 5 critical components that