Thousands of Comcast customers have data stolen from third party debt collectors
When ransomware actors accessed FBCS, they struck gold
Hundreds of thousands of Comcast users had their data stolen in a third-party ransomware attack and data breach on a third-party partner, the company has confirmed.
Financial Business and Consumer Solutions (FBCS) fell prey to an attack from an unknown threat actor in February 2024 which saw sensitive data stolen and systems encrypted, with the hackers then demanding payment in exchange for releasing the decryption key.
When FBCS initially suffered the ransomware attack, the crooks made away with sensitive data on more than four million people, and at first, the firm believed Comcast’s customer data was secure, but after a more thorough investigation, FBCS has concluded it was affected, too.
Comcast and Truist Bank
In total, 237,703 Comcast customers had their sensitive data taken, including names, addresses, Social Security numbers, dates of birth, and the Comcast account numbers and ID numbers used internally at FBCS.
One intriguing point appears to be that the affected users were apparently Comcast customers around 2021, which is somewhat odd, since FBCS wasn’t a Comcast client at that time, and wouldn't be for another year.
FBCS is a debt collection firm, which Comcast allegedly used until 2020, also offering account management, financial advisory, credit solutions, and payment processing services.
After learning of the incident, Comcast started notifying its customers, and sent out a data breach notification letter, stating it will cover the expenses of identity theft protection services, since the FBCS allegedly cannot afford it. It also said that the firm notified the FBI of the intrusion.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Despite this being a major ransomware attack against a large enterprise, with millions of victims, no threat actor has yet claimed responsibility.
To make matters worse, Comcast was not the only company affected by the FBCS attack. BleepingComputer reports that Truist Bank was also a victim, but this firm did not say how many of its customers lost their data.
Via The Register
More from TechRadar Pro
- Truist Bank confirms data breach after stolen data appears online
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.