close
close

Comcast and Truist Bank customers caught in FBCS data breach

Posted on by angelo
Comcast and Truist Bank customers caught in FBCS data breach

Comcast and Truist Bank customers caught in FBCS data breach

Comcast Cable Communications and Truist Bank have revealed that they were hit by a data breach at FBCS and are now notifying their respective customers that their data has been compromised.

The case involves a data breach at Financial Business and Consumer Solutions (FBCS), a debt collection agency in the United States that partners with various companies to collect unpaid debts on their behalf.

Last April this year, FBCS informed of a data breach that occurred between February 14 and 26, 2024, when malicious actors breached its network and stole the following details from its electronic records:

  • First and last name
  • Social Security Number (SSN)
  • Date of birth
  • Account information
  • Driving license number or identity card

The data breach was initially thought to have affected 1.9 million people, but later findings increased that figure to 3.2 million in June and ultimately 4.2 million people in July.

The internal investigation into the incident appears to be ongoing, as FBCS recently notified other entities that they had been affected, including Comcast and Truist.

Furthermore, it is now known that due to the deterioration of the financial situation of the FBCS, probably a direct consequence of the breach, the entities indirectly affected by the incident will have to undertake the notification and remedy processes themselves.

Comcast data exposed

Comcast says FBCS assured them in March that the security incident had no impact on customer data. However, on July 17, FBCS informed Comcast that its customer data was also affected.

According to a notice submitted to Maine authorities, 273,703 Comcast customers were affected by this breach.

“FBCS’s investigation discovered that the files uploaded by the unauthorized party included your name, address, social security number, date of birth, as well as your Comcast account number and identification numbers used in internal at FBCS”, we read in the notification sent to affected customers.

“FBCS states that it has no indication that any personal information compromised in this incident has been misused again.”

Affected individuals received 12 months of free identity theft protection services, with activation instructions attached.

Truist Bank was also affected

On a related note, Truist Bank, one of the largest banks in the United States, also sent data breach notifications to its customers related to the FBCS incident.

The letters were sent in mid-September, but a sample was submitted to California authorities more recently.

“FBCS has indicated that the type of information that may have been affected varies by individual and may include the consumer’s name, address, account number, date of birth and Social Security number,” a revealed Truist Bank.

Truist operates more than 2,700 branches in 15 states and employs 40,000 people. The number of people affected could therefore be significant, even if it has not been specified.

BleepingComputer emailed Truist to find out how many of its customers were affected by this incident, but no comment was immediately available.

Meanwhile, last June, Truist Bank confirmed a separate breach believed to have occurred in October 2023 after a malicious actor leaked stolen data on a hacking forum.