Data Security and Customer Privacy

Information security

The key pillars of our information security program are: Identify, Protect, Detect, Respond, Recover.

Protecting customer information takes awareness and effort from all our employees. We’ve built processes to identify cybersecurity threats and ensure our data and customer privacy are well-protected. These processes have been built in partnership with Flagstar’s Chief Risk Officer, Chief Information Officer, business unit leaders, and enterprise risk management team.

Flagstar's Chief Information Security Officer (CISO) regularly conducts a comprehensive evaluation and testing of our information security program. The results are shared with the Board of Directors.

All Flagstar employees are expected to handle bank devices and customer information in a secure manner and comply with bank policies and procedures. In 2021, 100% of our employees and contractors were required to complete mandatory security awareness training. Plus, we added employee and customer awareness communication campaigns on COVID-19-related cyber risks and working-from-home environments. 

In addition, the cybersecurity team conducted quarterly simulated phishing exercises and social engineering tests to make sure that employees and contractors are following policies and adhering to the proper standards. Our CISO also conducted cybersecurity training for many of our community and nonprofit partners, and the bank continued our involvement with the American Bankers Association #BanksNeverAskThat awareness campaign to protect customer banking information.