Cover Image for Thousands of Comcast customers suffer data theft by external debt collectors.
Mon Oct 07 2024

Thousands of Comcast customers suffer data theft by external debt collectors.

When the ransomware actors managed to infiltrate FBCS, they found a valuable opportunity.

A ransomware attack perpetrated by an unknown attacker affected Financial Business and Consumer Solutions (FBCS) in February 2024, stealing sensitive data and encrypting systems. This data breach has impacted hundreds of thousands of Comcast users. It is estimated that over four million records were stolen, and although it was initially thought that Comcast customer information was safe, a deeper investigation revealed that it was indeed compromised as well.

In total, 237,703 Comcast users had personal data exposed, including names, addresses, Social Security numbers, birth dates, as well as account and identification numbers used internally by FBCS. Interestingly, most of those affected appear to be Comcast customers from 2021, despite the fact that FBCS was not a partner of the company at that time, raising confusion about how this data was accessed.

FBCS, which is engaged in debt collection and worked with Comcast until 2020, also offers account management services, financial advisory, credit solutions, and payment processing. After learning about the attack, Comcast began notifying its customers and sent informative letters about the data breach, indicating that they would cover the costs of identity theft protection services, as FBCS allegedly does not have the resources to do so. Additionally, it was reported that FBCS notified the FBI about the intrusion.

Although this is a significant case of ransomware affecting a large company and millions of victims, no group has yet claimed responsibility for the attack. Furthermore, Comcast was not the only company affected; Truist Bank was also involved in the incident, although it has not specified how many of its customers were impacted.