Accellion Incident Information Center

We will keep this page updated with actions we are taking, including free credit monitoring and identity theft protection services for those whose personal information was potentially accessed.

Free credit monitoring and identity theft protection services for impacted individuals

Flagstar is offering impacted individuals whose personal information was potentially accessed, at no charge, a two-year membership in credit monitoring and identity theft protection services, which will help monitor your credit health and keep your identity safe. It will send you alerts any time your credit file changes.

Please read before enrolling:

If you were impacted, you will receive a letter in the U.S. Mail that will include instructions regarding enrollment in credit monitoring, including a unique Membership/Member Number. Please have your letter and number available when enrolling.

Enroll Now

Trouble enrolling? Other Questions? Explore FAQs

Information Security Best Practices

We are aware that those responsible for this incident are in some cases contacting Flagstar customers by e-mail and by telephone. These are communications from unauthorized individuals responsible for the Accellion incident, and you should not respond to them. If you receive a suspicious message, please do not open attachments or click on links.

Should you receive any engagement from anyone indicating they are in possession of your information, please reach out to us at protect@flagstar.com immediately.

Flagstar Bank Statement on Accellion Vulnerability

Accellion, a vendor that Flagstar uses for its file sharing platform, informed Flagstar on January 22, 2021, that the platform had a vulnerability that was exploited by an unauthorized party. After Accellion informed us of the incident, Flagstar permanently discontinued use of this file sharing platform. Unfortunately, we have learned that the unauthorized party was able to access some of Flagstar’s information on the Accellion platform and that we are one of numerous Accellion clients who were impacted.

Upon discovery, we acted immediately to contain the threat and engaged a team of third-party forensic experts to investigate and determine the full scope of this incident. After a thorough, diligent review of the data, we are now in the process of notifying impacted customers directly via U.S. Mail.

Flagstar has been and remains fully operational, and other parts of our IT infrastructure outside of the Accellion platform were not impacted. Importantly, the Accellion platform was segmented from the rest of our network, and our core banking and mortgage systems were not affected.

What are we doing?

We are in process of notifying impacted individuals whose personal information was potentially accessed directly via U.S. Mail in accordance with state and federal regulations. These individuals will receive information regarding free credit monitoring services. These tools will alert individuals if there are changes to their credit data and provide access to free fraud consultation and identity theft restoration support services.

We have also established a call center dedicated to handling inquiries related to this incident and to helping impacted individuals take advantage of their identity protection services. The call center can be reached at 855-907-0446 Monday-Friday from 9 a.m. to 6:30 p.m. ET.

Additional information on credit monitoring services for customers who received a notification via U.S. Mail

We have secured the services of Kroll to provide credit monitoring, fraud consultation, and identity theft restoration for 24 months at no cost to you. Kroll is a global leader in risk mitigation and response, and their team has extensive experience helping people who have sustained an unintentional exposure of confidential data.

As a reminder, if you were impacted, you will receive a letter in the mail that will include instructions regarding enrollment in credit monitoring and identity theft services.

Credit Monitoring

Fraud Consultation

You will have unlimited access to consultations with a Kroll fraud specialist. Support includes showing you the most effective ways to protect your identity, explaining your rights and protections under the law, assisting with fraud alerts, and interpreting how personal information is accessed and used, including investigating suspicious activity that could be tied to an identity theft event.

Identity Theft Restoration

If you become a victim of identity theft, an experienced Kroll licensed investigator will work on your behalf to resolve related issues. You will have access to a dedicated investigator who understands the issues and can do most of the work for you. Your investigator will be able to dig deep to uncover the scope of the identity theft, and then work to resolve it.

NOTE: Kroll’s activation website is only compatible with the current version or one version earlier of Chrome, Firefox, Safari and Edge.

Other ways you can protect yourself

We want to provide you with as much information as we can to help you to protect your information. Please read ahead for additional measures you can take to help keep your information secure.

Review account statements and notify law enforcement of suspicious activity

As a precautionary measure, we recommend that you remain vigilant by reviewing your account statements, from us and others, and monitoring your credit reports closely. If you detect any suspicious activity on any account or have reason to believe your information is being misused, you should promptly notify the financial institution or company with which the account is maintained. You should also promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and the Federal Trade Commission (FTC). If you file an identity theft report with your local police department, you should ask for and are entitled to receive a copy of the police report. Some creditors may ask for the information contained in the report.

You may be able to obtain information from your state’s attorney general on the steps you can take to avoid identity theft. Contact information for your state’s attorney general is available at www.naag.org/naag/attorneys-general/whos-my-ag.php.

To file a complaint with the FTC, go to www.identitytheft.gov or call 877-ID-THEFT (877-438-4338), a toll-free number. Complaints filed with the FTC will be added to the FTC's Identity Theft Data Clearinghouse, a database made available to law enforcement agencies. Additional contact information for the FTC is provided below:

Federal Trade Commission
600 Pennsylvania Avenue, NW
Washington, DC 20580
Telephone: 202-326-2222

For information from the FTC on how federal law limits your liability for unauthorized charges to certain accounts, please visit www.consumer.ftc.gov/articles/0213-lost-or-stolen-credit-atm-and-debit-cards.

Request a free copy of your credit report

You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting www.annualcreditreport.com, calling toll-free 877-322-8228, or completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You can print a copy of the request form at www.annualcreditreport.com/cra/requestformfinal.pdf. Or, you can elect to purchase a copy of your credit report by contacting one of the three national credit reporting agencies.

Contact information for the three national credit reporting agencies for the purpose of requesting a copy of your credit report or for general inquiries is provided below.

Equifax

800-685-1111

equifax.com

P.O. Box 740241

Atlanta, GA 30374

Experian

888-397-3742

experian.com

535 Anton Blvd., Suite 100

Costa Mesa, CA 92626

TransUnion

800-916-8800

transunion.com

P.O. Box 6790

Fullerton, CA 92834

Even if you do not find any suspicious activity on your initial credit reports, the FTC recommends that you check your credit reports periodically. Stolen account information is sometimes held for future use or shared among a group of thieves at different times. Checking your credit report periodically can help you spot problems and address them quickly.

Place a security freeze on your credit file

You also have the right to place a security freeze on your credit file. A security freeze is intended to prevent credit, loans, and services from being approved in your name without your consent. As a result, using a security freeze may interfere with or delay your ability to obtain credit. To place a security freeze on your credit file, you need to separately contact each of the three nationwide credit reporting companies. A security freeze can be placed on your credit file at no cost to you. In order to place a security freeze, you may be required to provide the consumer reporting agency with information that identifies you, including your full name, Social Security number, date of birth, current and previous addresses, a copy of your state-issued identification card, and a recent utility bill, bank statement, or insurance statement. We recommend that you contact the credit reporting companies, identified above, by phone or online to find out their specific requirements and expedite this process.

Additional best practices to keep your data secure

Do not share personal information over the phone, through the mail, or over the internet unless you initiated the contact or know the person you are dealing with. If someone contacts you unexpectedly and asks for your personal information, even if it is a company you regularly conduct business with, call the company back directly using the published company phone number to verify the request is legitimate before providing any data.
Choose PINs and passwords that would be difficult to guess and avoid using easily identifiable information such as your mother’s maiden name, birth dates, the last four digits of your Social Security number, or phone numbers. Also, avoid using the same password for online banking that you use for other accounts. Your online banking password should be unique to that account only.
Pay attention to billing cycles and account statements and contact us if you don’t receive a monthly bill or statement since identity thieves often divert account documentation.
Be careful about where and how you conduct financial transactions, for example, don’t use an unsecured Wi-Fi network because someone might be able to access the information you are transmitting or viewing.
Monitor your accounts regularly for fraudulent transactions. Review payees for online bill payments and Zelle® contacts, if applicable. Sign up for account alerts through online banking for certain actions, such as an address or password change. Notify Flagstar Bank immediately if you find any suspicious activity on your account.

Frequently Asked Questions

What are the steps to enrolling in credit monitoring services?

Visit http://enroll.idheadquarters.com

Input Membership Number exactly as it appears on their notification letter.
Enter Last Name exactly as it appears on their notification letter.
Enter Zip Code exactly as it appears on their notification letter.
You will then be prompted to set up an email address and password.
- The Kroll password requirements are:
- Contains 8-12 characters total.
- Contains 1 Capital Letter.
- Contains 1 lowercase letter.
- Contains 1 number.
- Contains 1 special character that is not =or +.

To complete the process, you will need to answer a series of questions about their credit history to verify your identity.

I’m following the steps for enrollment, but I’m receiving an error message. What can I do?

Most often, this can be resolved by clearing the cache of your browser. You can do this by taking the following steps:

Visit the Settings menu in your internet browser.
Locate the option to clear your browsing history, cookies and cached images and files.
Follow the steps for your browser to clear these items.
Close your browser.
Reopen your browser and visit https://enroll.idheadquarters.com.

How will I know if I am impacted?

I’m a customer of Desert Community Bank, why am I receiving a letter from Flagstar about the Accellion incident?

Desert Community Bank is a division of Flagstar Bank. If you received the letter, we believe your information was potentially impacted by this incident. Out of an abundance of caution, we encourage you to follow the instructions within the letter and activate the free credit monitoring services at your earliest opportunity. Should you have any question about your account(s) with Desert Community Bank, please contact Customer Support at 760-243-2140, Monday – Friday, 6 a.m. – 7 p.m. PT, Saturday, 9 a.m. - 5 p.m. PT.