The sensitive data of 237,703 Comcast subscribers was compromised in a cyberattack targeting debt collection agency Financial Business and Consumer Solutions (FBCS) that was discovered on July 17. This revelation overturns previous assurances that Comcast was unaffected by the intrusion.
The breach notification was disseminated to impacted subscribers in August, with details now made public by the state of Maine. However, the agency did not publicly disclose the precise method of the cyberattack or confirm the ransomware involvement, which Comcast has now revealed in its customer notifications.
The security incident occurred between February 14 and 26, 2024, when an unauthorized party infiltrated FBCS's computer network, exfiltrating data and deploying ransomware.Â
FBCS initially reported that over 4 million individuals were impacted by the February intrusion, but the number reached 5,117,493. The intrusion exposed names, Social Security numbers, dates of birth, account information, and medical information.
Contrary to initial reports in March, FBCS informed Comcast in July that subscriber data—comprising names, addresses, Social Security numbers, dates of birth, and specific Comcast account identifiers—had been illicitly accessed. Â
The data primarily involves customers registered around 2021. Crucially, Comcast's internal systems, including its Xfinity broadband division, remained uncompromised.
FBCS cannot provide standard identity and credit monitoring services to those affected due to its financial constraints. Comcast has pledged to cover these protective measures itself – the U.S. telco giant offered 12 months of CyEx Identity Defense Complete complimentary credit, and identity monitoring.
Truist Bank, one of the largest banks in the United States, also sent notices of a data breach to its customers regarding the FBCS data breach.