Connect with us

Hi, what are you looking for?


Data Breaches

500k Impacted by Data Breach at Debt Buyer NCB

NCB Management Services is informing roughly 500,000 individuals of a data breach impacting their personal information.

National accounts receivable management company and debt buyer NCB Management Services has started informing roughly 500,000 individuals that their personal information was compromised in a data breach.

An unauthorized party compromised some of NCB’s systems on February 1 and gained access to Bank of America credit card accounts information, NCB says. The incident was discovered on February 4, and the data theft was confirmed on March 8.

Exposed personal information, the company says, includes names, addresses, phone numbers, email addresses, birth dates, driver’s license numbers, Social Security numbers, and employment positions.

Financial information such as pay amounts, credit card numbers, routing numbers, account numbers and balance, and/or account statuses was also stolen.

According to NCB, the impacted credit card accounts had already been closed when the cyberattack occurred. The incident did not involve the compromise of Bank of America systems, NCB underlines.

The company also says that it is not aware of the potentially accessed information being distributed or used maliciously.

“The unauthorized activity on NCB’s systems has been stopped, and NCB has obtained assurances that the third party no longer has any of the information on its systems,” the company says.

Advertisement. Scroll to continue reading.

NCB did not share information on the type of cyberattack it suffered, but its description of the incident suggests that it engaged in communication with the attackers, which implies that a ransom demand might have been made.

NCB informed the Maine Attorney General’s Office that it was sending notification letters to nearly 500,000 individuals affected by the incident.

Earlier this week, national consumer rights law firm Wolf Haldenstein Adler Freeman & Herz LLP announced that it was investigating the incident on behalf of impacted individuals.

Related: ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation

Related: 14 Million Records Stolen in Data Breach at Latitude Financial Services

Related: NBA Notifying Individuals of Data Breach at Mailing Services Provider

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.


Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users.

Data Breaches

Health services company Independent Living Systems has disclosed a data breach that impacts more than 4 million individuals.