Millions more victims exposed in debt collection agency data breach

News
By published

Financial Business and Consumer Solutions breach is much bigger than thought

Data leak
(Image credit: Shutterstock)

The recent data breach at debt collection agency Financial Business and Consumer Solutions (FBCS) was a lot bigger than initially thought, the company has revealed.

After first reporting some 1.9 million victims were affected in the incident, the company now says the actual number may be more than 4.2 million.

In late April 2024, it was reported that FBCS suffered a cyberattack two months prior, with the company noting in a breach notification letter sent to affected customers an unnamed threat actor dwelled in its IT systems for two weeks, harvesting people’s full names, social security numbers (SSN), birth dates, account information, driver’s license numbers, and ID card numbers.

Using the stolen files

Now, however, the company has issued a new supplemental notice with the Office of the Maine Attorney General increasing the number of affected people to 4,253,394 individuals. 

The company started notifying the additional people, warning them of potential risks of phishing, identity theft, and online fraud. Furthermore, FBCS is offering two years of free credit and identity theft monitoring via CyEx. The same type of information was stolen on all individuals.

It is still unknown who pulled off the heist, since no hacking collectives assumed responsibility for the attack, nor did anyone find the database leaking anywhere on the dark web. Usually, threat actors would reach out to victim organizations and try to extort money, in exchange for deleting the archives. 

If that fails, they would turn to the dark web, in an attempt to sell the archive to the highest bidder. Actively used email addresses, as well as personally identifiable information (PII), is valuable data that can be used in phishing, or even ransomware attacks. 

Ultimately, if no other options bear fruit, the hackers can always leak it online to improve their credibility in the cybercriminal community.

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.