Comcast has acknowledged that they were affected by a data breach in early 2024 that impacted 237,703 of its customers.
In a filing with the Maine Attorney General, the company disclosed that Financial Business and Consumer Solutions (FBCS), a Pennsylvania-based third-party debt collection agency used by Comcast,ย suffered a ransomware attack on February 14, 2024, that exposed subscriber information of its Comcast customers.
Comcast said that on March 13, 2024, FBCS notified them that it had suffered a data breach incident, but no Comcast consumer data was impacted. However, on July 17, 2024, FBCS notified Comcast of its new findings and acknowledged that customer information had, in fact, been compromised.
โFrom February 14 and February 26, 2024, an unauthorized party gained access to FBCSโs computer network and some of its computers.
During this time, the unauthorized party downloaded data from FBCS systems and encrypted some systems as part of a ransomware attack,โ reads theย notification Comcast sent to impacted customers.
โUpon discovering the attack on February 26, 2024, FBCS launched an investigation with the assistance of third-party cybersecurity specialists. In the course of that investigation, FBCS discovered that the files downloaded by the unauthorized party contained personal information, including personal information about you. FBCS also notified the Federal Bureau of Investigation (FBI) of this attack.โ
It added, โThis security incident occurred entirely at FBCS and not at Xfinity or Comcast systems. FBCS received your information because they previously provided Comcast with collections-related services for delinquent payments until 2020, when Comcast ceased working with FBCS. The compromised information about you dates from around 2021, as FBCS is subject to data retention requirements beyond Comcastโs working relationship with FBCS.โ
The data breach exposed the personal information of Comcast customers, including their name, address, Social Security number, date of birth, Comcast account number, and ID numbers used internally at FBCS. While Comcast stopped using FBCS’s debt collection services in 2020, the breach affected customers who were subscribers around 2021.
Further, 4,253,394 individuals were victims of the data breach. In some cases, attackers even accessed medical claims and health insurance records. Comcast has offered 12 months of free-of-charge identity theft protection services, including credit monitoring services to its affected customers,
In September 2024, CF Medical, a medical debt-purchasing company, confirmed that the FBCS data breach affected the personal and health information of over 620,000 patients.
Additionally, Truist Bank, one of the biggest banks in the U.S., also acknowledged that it was impacted by the FBCS data breach, in which attackers accessed the names, addresses, account numbers, dates of birth, and Social Security numbers of its customers. However, it did not reveal how many of its customers were affected by the data breach.
No major ransomware group has yet claimed the data breach at FBCS. Stay tuned for further updates!
