Defendant Name: Flagstar Bancorp, Inc., Now Known as "Flagstar Financial, Inc."

Defendant Type: Public Company

Document Reference: 33-11343-s

Document Details

Legal Case Name In the Matter of Flagstar Bancorp, Inc., now known as “Flagstar Financial, Inc.”
Document Name SEC Charges Flagstar for Misleading Investors About Cyber Breach
Document Date 16-Dec-2024
Document Format Administrative Proceeding
File Number 3-22360
Allegation Type Issuer Reporting and Disclosure
Document Summary On December 16, 2024, the SEC stated that "[it] led settled charges against Flagstar Bancorp, Inc. (now known as "Flagstar Financial, Inc."), for making materially misleading statements regarding a cybersecurity attack on Flagstar's network in late 2021 (the "Citrix Breach")."

Disgorgement & Penalty Information

Resolutions
Cease and Desist Order
Monetary Penalties:

Civil Penalty

Individual:     $3,550,000.00 Shared:    

Related Documents:

33-11343 16-Dec-2024 Administrative Proceeding
Order Instituting Cease-and-Desist Proceedings Pursuant to Section 8A of the Securities Act of 1933 and Section 21C of the Securities Exchange Act of 1934, Making Findings, and Imposing a Cease-and-Desist Order
On December 16, 2024, the SEC instituted settled cease-and-desist proceedings against Flagstar Bancorp, Inc., now known as “Flagstar Financial, Inc.”, stating: "This matter concerns materially misleading statements that Flagstar negligently made regarding a cybersecurity attack on Flagstar’s network between November 22, 2021 and December 25, 2021 (the “Citrix Breach”), which resulted in, among other things, the encryption of data, network disruptions, and the exfiltration of the personally identifiable information (“PII”) of approximately 1.5 million individuals, including customers, on December 3 and 4, 2021."