Skip to main content

Before you go

You are about to leave Flagstar is not responsible for the content on other sites.

Data Security and Customer Privacy

Safety. Security. Stability.

Information security

The key pillars of our information security program are: Identify, Protect, Detect, Respond, and Recover.


Protecting customer information takes awareness and effort from all our employees. We’ve built processes to identify cybersecurity threats and ensure our data and customer privacy are well-protected. These processes have been developed in partnership with Flagstar’s Chief Risk Officer, Chief Information Officer, Chief Information Security Officer, business unit leaders, and enterprise risk management team.


Flagstar’s Chief Information Security Officer performs ongoing oversight of the information security program and ensures that ongoing independent testing of implemented controls is performed. The results are shared with the Board of Directors.


All Flagstar employees are expected to securely handle bank devices and customer information and comply with bank policies and procedures. In 2022, 100% of our employees were required to complete mandatory security awareness training. Plus, we added employee and customer awareness communication campaigns on working-from-home environments.


In addition, the cybersecurity team conducted quarterly simulated phishing exercises and social engineering tests to make sure that employees and contractors followed policies and adhered to the proper standards.


We continued our involvement with #BanksNeverAskThat, the American Bankers Association’s awareness campaign to protect customer banking information.

You may also be interested in:

Gray background with star pattern

Corporate Governance Structure

Guided by strategic, responsible leadership.

Three women talking at an office desk

Code of Conduct and Business Ethics

Integrity remains our top priority.

Two women and a man talking at an office table

Risk Management

A comprehensive approach.