close
close

FBCS data breach victim count reaches 4.2 million

Posted on by angelo
FBCS data breach victim count reaches 4.2 million

Debt collection agency Financial Business and Consumer Solutions (FBCS) has revealed that the number of people affected by the February data breach has risen to 4.2 million. This update on the FBCS data breach follows a new supplemental notice to the Maine Attorney General’s Office, further increasing the numbers previously reported.

In its latest notice filed with the Maine Attorney General’s Office, FBCS reported that the data breach now affects 4,253,394 individuals.

Initially disclosed in late April, the firm said that the sensitive personal information of approximately 1.9 million people had been compromised in the FBCS data breach. That figure was increased to 3.2 million in May, and today the company increased the total again by another million.

Types of Information Exposed in a FBCS Data Breach

On July 23, 2024, FBCS began sending additional data breach notifications to additional affected individuals. The notification outlined the increased risks and provided guidance on protective measures. The notice explicitly mentioned FBCS’s ongoing efforts to identify and notify more affected individuals. Specifically, two additional Maine residents were notified, bringing the total number of potentially affected Maine residents to 7,841.

The FBCS data breach resulted in the exposure of different types of personal information for different individuals, including:

  • First and last name
  • Social Security Number (SSN)
  • Date of birth
  • Account Information
  • Driver’s license number or identity card
  • Medical information

This sensitive information has potentially been accessed, increasing the risk of phishing and fraud for those affected.

Details of the data breach at FBCS

FBCS first discovered unauthorized access to its systems on February 26, 2024. The data breach at FBCS was limited to its internal network and the company immediately took steps to secure the impacted environment. Third-party forensic specialists were engaged to conduct a thorough investigation, which revealed that the unauthorized access occurred between February 14 and February 26, 2024. During this time period, the unauthorized actor was able to view or acquire sensitive information on the FBCS network.

It is not yet clear what type of attack led to the data breach, as no ransomware group has claimed responsibility for the attack. FBCS only said it detected unauthorized access to its internal network.

Company response and preventive measures

After discovering the breach, FBCS quickly secured the environment and launched a thorough investigation. They undertook a thorough review of the data at risk to determine the scope of the breach and identify potentially affected individuals. In keeping with their commitment to information security, FBCS implemented additional safeguards in a newly constructed environment.

As part of its response, FBCS is offering affected individuals free access to credit monitoring and identity restoration services for 24 months through CyEx. The company is providing detailed instructions on how to sign up for these services, urging beneficiaries to take immediate steps to protect their personal information.

Steps to follow for those concerned

  • Sign up for credit monitoring services: Recipients of the FBCS Data Breach Notification are encouraged to sign up for FBCS’s free credit monitoring and identity restoration services. This service, provided by CyEx, is designed to help protect against identity theft and fraud.
  • Monitor financial accounts: FBCS advises those affected to remain vigilant for identity theft and fraud. This includes regularly monitoring account statements for errors and reviewing credit reports for suspicious activity.
  • Report suspicious activity: Any fraudulent activity or suspected identity theft should be promptly reported to the financial institution and law enforcement authorities. FBCS has included instructions on how to file a complaint with the Federal Trade Commission (FTC) and encourages individuals to follow these steps.
  • Consider placing fraud alerts or security freezes: Affected individuals may also want to consider placing a fraud alert or security freeze on their credit reports. Fraud alerts notify creditors of potential fraudulent activity and ask them to contact the individual before opening new accounts. Security freezes can prevent new credit from being opened without a PIN, although they may delay the ability to obtain credit.
  • Conclusion

The FBCS data breach highlights the ongoing challenges organizations face in protecting sensitive personal information. As the situation evolves, affected individuals are encouraged to take steps to protect their personal information and remain vigilant against potential threats.