Telecommunications provider Comcast is notifying close to 238,000 individuals that their personal information was compromised in a ransomware attack at debt collection agency Financial Business and Consumer Solutions (FBCS).
Initially disclosed in April 2024, the incident was discovered on February 26, 2024, but the attackers had access to FBCS’s network for two weeks before that and could view and exfiltrate certain data, including personal information.
In a series of filings with the Maine Attorney General’s Office, FBCS revealed that over 4.25 million individuals were affected by the data breach.
The potentially compromised information, the agency told the impacted individuals, included names, dates of birth, Social Security numbers, and account data.
Last week, Comcast filed a data breach notification with the Maine AGO, revealing that 237,703 of its current and former customers were impacted by the incident.
According to Comcast, the debt collection agency notified it of the incident in April, saying that no Comcast customers were affected. In July, however, FBCS told the telecommunications provider that the personal information of some of its customers was compromised during the attack.
“FBCS received your information because they previously provided Comcast with collections-related services for delinquent payments until 2020, when Comcast ceased working with FBCS. The compromised information about you dates from around 2021, as FBCS is subject to data retention requirements beyond Comcast’s working relationship with FBCS,” Comcast told the impacted individuals.
The compromised information included names, addresses, dates of birth, Social Security numbers, Comcast account numbers, and internal FBCS ID numbers.
“This security incident occurred entirely at FBCS and not at Xfinity or on Comcast systems. FBCS notified Comcast that due to its current financial status, it would no longer be able to provide notices or credit monitoring protection to individuals impacted by the incident,” Comcast said.
The telecoms services provider is offering one year of credit monitoring and identity protection services to the affected individuals.
The FBCS ransomware attack impacted the customers of various other organizations as well, including Truist Bank and CF Medical (which told the Maine AGO that 626,396 people were affected).
Related: Ransomware Hits Critical Infrastructure Hard, Costs Adding Up
Related: T-Mobile to Pay Millions to Settle With FCC Over Data Breaches
Related: Patelco Credit Union Data Breach Impacts Over 1 Million People
Related: COVID-19-Related Data Breach Affects Thousands in Delaware