Who qualifies for the Flagstar Bank data breach settlement?

You qualify if you are among the approximately 2,187,170 U.S. consumers Flagstar identified as having personal information impacted by the January 2021 or December 2021 data breaches. The Settlement Class includes a Nationwide Class of approximately 2,187,170 people and a California Subclass of approximately 364,000 California residents who receive additional CCPA statutory payments. Class membership is established by Flagstar's own records. The Settlement Administrator mailed or emailed notices with Settlement Claim IDs to all identified class members. Excluded from the class are Flagstar, its officers and affiliates, the judge and immediate family, and anyone who timely opts out.

How much can I get from the Flagstar settlement?

Eligible Settlement Class Members may receive one or more of four benefits: (1) reimbursement for documented out-of-pocket monetary losses related to the data breaches up to $25,000 per claimant (proof required); (2) a Residual Cash Payment estimated at approximately $60, potentially up to $599 (no proof beyond your Claim ID); (3) three years of three-bureau credit monitoring services; and (4) for California residents, a California Statutory Payment of up to $100 under the California Consumer Privacy Act. Payments may be pro rata reduced if total claims exceed the $31.5 million cap, though the parties do not anticipate a pro rata decrease.

Do I need proof to file a Flagstar settlement claim?

Yes, you need your Settlement Claim ID from the notice the Settlement Administrator mailed or emailed to you. Without that Claim ID, you cannot submit a claim. The Claim ID itself is the proof you are on Flagstar's list of identified class members. Beyond the Claim ID: for the Residual Cash Payment, California Statutory Payment, and Credit Monitoring tiers, no additional documents are required. For the up-to-$25,000 documented Monetary Losses tier, you must upload supporting documentation such as bank statements, identity theft reports, fraud-resolution invoices, or other receipts showing out-of-pocket losses caused by the breaches. The online claim form has a separate section for uploading these documents.

What is the deadline to file a Flagstar settlement claim?

The claim deadline is August 11, 2026 at 11:59:59 PM Eastern Time for online submissions, or postmarked by August 11, 2026 for mailed claim forms. The opt-out deadline is earlier, on June 29, 2026, and the objection deadline is also June 29, 2026. The Final Approval Hearing is scheduled for October 1, 2026 at 9:30 a.m. Eastern Time before Judge Matthew F. Leitman in the United States District Court for the Eastern District of Michigan.

What was the Flagstar Bank data breach about?

Flagstar Bank experienced two separate data breaches in 2021. The first, in January 2021, involved a cyberattack on a file-sharing platform Flagstar used, in which cyber criminals exfiltrated unencrypted documents containing personally identifiable information (PII) of approximately 1.47 million people. The January 2021 breach was part of the larger Accellion FTA (File Transfer Appliance) supply-chain breach that affected many organizations worldwide that year. The second Flagstar breach occurred in December 2021. The lawsuit alleges that Flagstar did not adequately protect consumer and employee personal information and delayed providing breach notices. Flagstar denies these claims, and the court has not decided who is right. The settlement resolves the dispute without an admission of liability.

Flagstar Bank Data Breach Class Action Settlement — $31.5 Million Fund for 2.19 Million Affected Customers

Q: What is Flagstar Bank?

Flagstar Bank, N.A. is a major U.S. national bank. At the time of the 2021 data breaches, Flagstar Bank was headquartered in Troy, Michigan and operated as a subsidiary of Flagstar Bancorp, Inc. In December 2022, New York Community Bancorp (NYCB) acquired Flagstar Bancorp. In October 2024, the combined holding company rebranded itself as Flagstar Financial, Inc. (NYSE: FLG), with Flagstar Bank, N.A. as its primary banking subsidiary. The settlement defendant is the same legal entity, Flagstar Bank, N.A., that experienced the 2021 breaches. The class includes individuals whose personal information was held by that bank during the breach period.

Q: When will I receive my Flagstar settlement payment?

The Court is scheduled to consider final approval at the October 1, 2026 hearing. If the settlement is approved and the order becomes final after the appeal period, the Settlement Administrator typically distributes payments several weeks to several months later. Realistic timing for first payments to class members is late 2026 to mid 2027 if there are no appeals. Class members who choose electronic payment options (such as PayPal, Venmo, or virtual prepaid card) usually receive payment faster than those who choose paper checks. If appeals are filed, distribution can be delayed by 12 to 36 months.

By Steve Levine

Flagstar Bank 2021 data breach class action settlement customer reimbursement credit monitoring

Published: May 12, 2026

Status Claims Open

Claim Deadline August 11, 2026 opt-out and objection deadline June 29, 2026 · final approval hearing October 1, 2026

Estimated Payout ~$60 Cash + Up to $25,000 Documented + 3 Years Monitoring California residents add up to $100 CCPA statutory payment

Proof Required Yes (Claim ID + Receipts for $25,000 Tier) Claim ID from your Notice required to file · receipts required only for documented monetary losses

What Is the Flagstar Bank Data Breach Settlement About?

Did you receive a notice that your personal information was exposed in the Flagstar Bank data breaches? Approximately 2.19 million U.S. customers and employees of Flagstar may be eligible for cash, reimbursement, and free credit monitoring from a $31.5 million class action settlement. The claim deadline is August 11, 2026, and the final approval hearing is October 1, 2026.

The lawsuit, captioned Angus et al. v. Flagstar Bank, N.A., Case No. 2:21-cv-10657-MFL-DRG, is pending in the United States District Court for the Eastern District of Michigan before Judge Matthew F. Leitman. The court granted preliminary approval of the settlement on March 12, 2026. The lawsuit alleges that Flagstar failed to adequately protect customers' and employees' personally identifying information (PII) and delayed providing notice of the breaches.

The settlement resolves claims relating to two separate Flagstar data breaches during 2021: a January 2021 breach involving Flagstar's file-sharing platform, and a December 2021 breach. Flagstar denies the claims and is settling without admitting liability. The court has not decided which side is right. The Settlement Administrator is Eisner Advisory Group LLC, operating the official Settlement Website at flagstarsettlement.com.

30-Second Self-Test: Do I Qualify for the Flagstar Settlement?

If you can answer yes to the question below, you are likely a Settlement Class Member.

• Did you receive an Email Notice or Postcard Notice from the Settlement Administrator about the Angus v. Flagstar Bank class action? The notice arrived from "Angus v. Flagstar Bank" and contained your Settlement Claim ID. Receiving that notice means Flagstar identified you as one of the approximately 2,187,170 U.S. individuals whose personal information was impacted by either or both of the 2021 breaches.

If you answered yes, head to the official Settlement Website to submit your claim by August 11, 2026. If you believe you should have received a notice but did not, email the Settlement Administrator (the address is on the official Settlement Website) to request a copy of your Claim ID.

What Is Flagstar Bank?

Flagstar Bank, N.A. is a major U.S. national bank. Some background helps clarify the scope of this settlement, because Flagstar has been through significant corporate changes since the 2021 breaches.

At the time of the breaches, Flagstar Bank was headquartered in Troy, Michigan and operated as the primary banking subsidiary of Flagstar Bancorp, Inc. In December 2022, New York Community Bancorp (NYCB) acquired Flagstar Bancorp in an all-stock merger. In March 2023, NYCB also acquired certain assets and liabilities of the failed Signature Bridge Bank in an FDIC-assisted transaction. By February 2024, all branches of the combined entity had been rebranded under the Flagstar name. In October 2024, the combined holding company itself was renamed Flagstar Financial, Inc. (NYSE: FLG). In October 2025, the holding company was reorganized into Flagstar Bank, N.A.

The settlement defendant is Flagstar Bank, N.A., the same legal entity that experienced the 2021 breaches. The settlement does not extend to former NYCB legacy customers (who were a different entity at the time) or to former Signature Bank customers. People who became Flagstar customers only after 2021 are also not in the class unless they were also customers of original Flagstar during the breach period.

Which Banks Are Included? (A Common Question)

Only one bank is included as a defendant: Flagstar Bank, N.A. The settlement does not cover customers of NYCB legacy operations or of the former Signature Bank, even though all three entities are now combined under the Flagstar name.

If you received an Email Notice or Postcard Notice from the Angus v. Flagstar settlement, you are on Flagstar's list as a class member regardless of which current bank name you associate with. If you did not receive a notice, you are most likely not on the list.

How Many People Are Part of the Flagstar Settlement?

The Settlement Class includes approximately 2,187,170 U.S. consumers identified by Flagstar as having personal information impacted by the data breaches. This is one of the larger consumer data breach class action settlements currently active.

The class is structured as two overlapping groups:

• Nationwide Settlement Class: approximately 2,187,170 individuals across the United States whose personal information was impacted.
• California Settlement Subclass: approximately 364,000 California residents whose information was impacted. California Subclass members are eligible for the same Nationwide Class benefits plus an additional California Statutory Payment of up to $100 under the California Consumer Privacy Act (CCPA).

What Are the Four Flagstar Settlement Benefits?

The $31.5 million Settlement Fund supports four separate benefit tiers. Class members may be eligible for one, several, or all of them depending on what documentation they have and where they reside.

Benefit 1: Documented Monetary Losses Reimbursement (up to $25,000). Class members can be reimbursed for out-of-pocket losses fairly traceable to the data breaches, up to a maximum of $25,000 per claimant. Qualifying losses can include time and money spent resolving identity theft or fraud, unreimbursed bank or credit card charges, costs of credit monitoring or identity theft protection purchased before this settlement, professional fees, and similar documented expenses. Receipts and supporting documentation are required to claim this tier.

Benefit 2: Residual Cash Payment (estimated approximately $60, potentially up to $599). Class members can claim a flat cash payment regardless of whether they have documented losses. The estimated amount is approximately $60 per claimant, with the potential to reach up to $599 depending on how many class members file claims and how much of the fund remains after the other benefits are paid. No proof beyond the Claim ID is required for this tier.

Benefit 3: Three Years of Three-Bureau Credit Monitoring. All Settlement Class Members are eligible for three years of credit monitoring services covering all three major bureaus (Equifax, Experian, and TransUnion). This is one of the longer credit monitoring offerings in a 2026 data breach settlement. No proof beyond the Claim ID is required.

Benefit 4: California Statutory Payment (up to $100). California Settlement Subclass members (approximately 364,000 California residents) are eligible for an additional payment of up to $100 under the California Consumer Privacy Act (CCPA). This stacks on top of the Nationwide Class benefits. No proof beyond the Claim ID and California residency is required.

Settlement benefits are subject to pro rata reduction if total approved claims exceed the $31.5 million cap, though the parties do not anticipate this happening.

Do I Need Proof to File a Flagstar Claim?

Yes, but with important nuances by benefit tier. The proof structure works in two layers:

Layer 1: Your Settlement Claim ID is required to file at all. The Settlement Administrator mailed or emailed a Notice to every identified class member. The Email Notice has your Claim ID printed above your name at the top. The Postcard Notice has it above your name and address. Without that Claim ID, you cannot access the online claim portal. The Claim ID itself is the proof you are on Flagstar's list of identified class members; you do not need to produce any account statements or breach notification letters to start.

Layer 2: Receipts are only required for the $25,000 Documented Monetary Losses tier. If you want to claim reimbursement for out-of-pocket losses, you must upload supporting documentation through the claim portal: bank statements, identity theft reports, fraud-resolution invoices, replacement card fees, time sheets showing hours lost to identity theft remediation (at the approved hourly rate), and similar records. The other three benefit tiers (Residual Cash, Credit Monitoring, California Statutory) require only the Claim ID and basic identifying information.

If you lost your Notice or did not receive one but believe you are eligible, contact the Settlement Administrator through the official Settlement Website. The Administrator can typically look up your record using your name and former address and reissue your Claim ID.

What Were the 2021 Flagstar Data Breaches?

Two separate breaches at Flagstar occurred during 2021. Both involved the unauthorized access and exfiltration of personal information.

January 2021 breach. Flagstar publicly announced on March 5, 2021 that it had been the victim of a cyberattack in January 2021. Cyber criminals infiltrated a file-sharing platform used by Flagstar and accessed the personally identifiable information of approximately 1.47 million individuals in the United States. The platform involved was the Accellion File Transfer Appliance (FTA), a legacy file transfer product. The Accellion FTA breach in early 2021 was one of the highest-profile supply-chain cyber incidents of that year, affecting dozens of organizations worldwide that used the same product. The Angus lawsuit alleges that Flagstar knew or should have known the FTA platform was a security risk and had been advised to discontinue its use before the breach.

December 2021 breach. A second Flagstar breach occurred in December 2021, expanding the affected population beyond the January 2021 group. Combined across both breaches, Flagstar identified approximately 2,187,170 affected individuals, including approximately 364,000 California residents.

Flagstar denies wrongdoing and any allegation that its data security practices were inadequate. The settlement resolves both breach groups together without an admission of liability by Flagstar.

How to File a Flagstar Settlement Claim

Two methods are available, both with the same August 11, 2026 deadline.

Method 1: Online (recommended for speed). Visit the official Settlement Website at flagstarsettlement.com and click "Submit a Claim." Enter your Settlement Claim ID from your Notice. The portal walks you through five steps: Claim Eligibility Information, Claimant Information, Settlement Benefits selection, Certification and Payment Options, and Confirmation. For the Documented Monetary Losses tier, upload your supporting documents in the Settlement Benefits step. Online submissions must be completed by 11:59:59 PM Eastern Time on August 11, 2026.

Method 2: U.S. mail. Download the printable claim form from the Settlement Website. Complete it with your Claim ID and benefit selections, attach copies of any documentation for the Documented Monetary Losses tier, and mail it to the Settlement Administrator at the address on the claim form. Mailed claims must be postmarked no later than August 11, 2026.

Before you file, gather: your Settlement Claim ID (from your Notice); your current contact information; and if claiming the $25,000 documented losses tier, any receipts, bank statements, identity-theft reports, fraud-resolution invoices, or other records of losses you incurred because of the breaches.

Key Flagstar Settlement Deadlines

• Submit a claim by: Tuesday, August 11, 2026 (online by 11:59:59 PM ET, or postmarked by mail)
• Opt out of the settlement by: Monday, June 29, 2026
• Object to the settlement by: Monday, June 29, 2026
• Final Approval Hearing: Thursday, October 1, 2026 at 9:30 a.m. Eastern Time, before Judge Matthew F. Leitman, United States District Court for the Eastern District of Michigan
• Class period covered: individuals impacted by the January 2021 and December 2021 Flagstar data breaches

When Will I Receive My Flagstar Settlement Payment?

Payment timing depends on the Court's final approval and any appeals.

• Final Approval Hearing: October 1, 2026. The Court will decide whether the settlement is fair, reasonable, and adequate.
• Settlement becomes final: after the Court enters final approval and any appeal period passes without an appeal.
• Payment distribution: typically begins several weeks to several months after the settlement becomes final. The Settlement Administrator will post payment timing on the Settlement Website once it is set.
• Best case (no appeals): first payments could reach class members in late 2026 or early 2027.
• If appeals are filed: distribution can be delayed by 12 to 36 months.

Class members who select electronic payment options (PayPal, Venmo, Zelle, or virtual prepaid card) typically receive payment faster than those who select a paper check by U.S. mail.

What Happens If I Do Nothing?

If you do nothing, you remain in the Settlement Class (unless you opt out) and will be bound by the Court's decisions, but you will not receive any settlement benefits. You will also give up the right to sue, continue to sue, or be part of another lawsuit against Flagstar related to the legal claims this settlement resolves.

For class members who qualify, doing nothing leaves substantial benefits unclaimed. The Residual Cash Payment alone (estimated $60) plus three years of free three-bureau credit monitoring are available with only a few minutes of online submission and your Claim ID. California residents add a potential $100 CCPA payment on top.

How to Opt Out or Object to the Settlement

Class members who do not want to be bound by the settlement have two alternatives, both with the same June 29, 2026 deadline.

Opting out means receiving no settlement benefits, but preserving the right to file your own lawsuit against Flagstar over the data breach claims. Opt-out requests must be in writing and submitted to the Settlement Administrator following the instructions on the official Settlement Website. This is the only option that keeps your right to sue.

Objecting means staying in the class (and remaining eligible for benefits) but asking the Court to reject or modify the settlement. Written objections must be electronically filed with the Court or mailed to the Clerk of Court at the United States District Court for the Eastern District of Michigan, with the objection postmarked by June 29, 2026. Objections must include the case name and number, contact information, a statement of whether the objection applies to you or the broader class, the specific grounds for the objection, and a statement of whether you intend to appear at the Final Approval Hearing.

Other Active Data Breach Class Action Settlements

Data breach class action settlements covering banks, retailers, healthcare providers, and tech companies are common. Class members in one data breach may qualify for unrelated breach settlements covering different companies; filing in one does not affect eligibility for any others. Many recent data breach settlements offer similar four-tier structures: small flat cash, documented losses reimbursement, credit monitoring, and California-specific CCPA payments stacked on top.

Check the OCA database of open class action settlements for other active data breach and consumer privacy cases.

How Do I Find Class Action Settlements?

Find all the latest class actions you can qualify for by getting notified of new lawsuits as soon as they are open to claims:

Claim Form Website: FlagstarSettlement.com

Submit Claim

Official Settlement Notice

Sources

• Official Settlement Website: FlagstarSettlement.com
• Angus et al. v. Flagstar Bank, N.A., Case No. 2:21-cv-10657-MFL-DRG, U.S. District Court for the Eastern District of Michigan, Hon. Matthew F. Leitman presiding
• Notice of Proposed Class Action Settlement
• Order Granting Preliminary Approval (March 12, 2026)
• Settlement Administrator: Eisner Advisory Group LLC

Filing Class Action Settlement Claims

Please submit only truthful information through the Settlement Website. False or fraudulent submissions can be rejected and may lead to penalties. The official Settlement Website is the authoritative source for benefit amounts, deadlines, and payment instructions. If you are not sure whether you qualify, contact the Settlement Administrator through the Settlement Website. OpenClassActions.com is a consumer news site and is not the Settlement Administrator or a law firm, and we do not process or decide claims.

For more class actions keep scrolling below.

Open Class Action Lawsuit and Class Action Settlement

Social Media Addiction Cases - Prequalify

Status: Open

Pre-Qualify

DraftKings & FanDuel Addiction Lawsuits

Status: Open

Learn More

Roblox - Investigation

Pre-Qualify Here

Submit Claim

File a rebate form to get a coupon, refund, rebate, or payment from this new class action settlement

$68M Google Assistant Settlement

Deadline: August 27, 2026

Submit Claim

$87.5M Beef Prices Settlement

Deadline: June 30, 2026

Submit Claim

Flagstar Data Breach Settlement Snapshot
Status	Open — Filing Claims Now (Preliminary Approval March 12, 2026)
Settlement Fund	$31,500,000
Nationwide Class Size	Approximately 2,187,170 U.S. individuals
California Subclass Size	Approximately 364,000 California residents (eligible for additional CCPA statutory payment)
Benefits	Documented Monetary Losses up to $25,000; Residual Cash Payment (~$60 estimated, up to $599); 3 years three-bureau Credit Monitoring; California Statutory Payment up to $100 for CA residents
Claim Form Deadline	Tuesday, August 11, 2026 (online by 11:59:59 PM ET; mailed claims postmarked by same date)
Opt Out Deadline	Monday, June 29, 2026
Object Deadline	Monday, June 29, 2026
Final Approval Hearing	Thursday, October 1, 2026 at 9:30 a.m. Eastern Time, U.S. District Court for the Eastern District of Michigan
Breach Events	January 2021 (Accellion FTA file-sharing platform attack, ~1.47M people) and December 2021 (combined total ~2.19M people)
Court	U.S. District Court for the Eastern District of Michigan
Judge	Hon. Matthew F. Leitman
Case Number	2:21-cv-10657-MFL-DRG
Case Title	Angus et al. v. Flagstar Bank, N.A.
Defendant	Flagstar Bank, N.A. (now a subsidiary of Flagstar Financial, Inc., NYSE: FLG; formerly New York Community Bancorp until October 2024 rebrand)
Category	Data Breach / Consumer Privacy / Banking
Settlement Administrator	Eisner Advisory Group LLC
Proof Required to File?	Yes — Settlement Claim ID from your Email Notice or Postcard Notice is required; receipts are additionally required only for the up-to-$25,000 documented monetary losses tier
Lost Your Notice?	Email the Settlement Administrator through the official Settlement Website to request your Claim ID
Official Website	Flagstar Settlement