Thousands of Comcast customers have data stolen from third party debt collectors

3 weeks ago 7
ransomware avast
(Image credit: Avast)

Hundreds of thousands of Comcast users had their data stolen in a third-party ransomware attack and data breach on a third-party partner, the company has confirmed.

Financial Business and Consumer Solutions (FBCS) fell prey to an attack from an unknown threat actor in February 2024 which saw sensitive data stolen and systems encrypted, with the hackers then demanding payment in exchange for releasing the decryption key.

When FBCS initially suffered the ransomware attack, the crooks made away with sensitive data on more than four million people, and at first, the firm believed Comcast’s customer data was secure, but after a more thorough investigation, FBCS has concluded it was affected, too.

Comcast and Truist Bank

In total, 237,703 Comcast customers had their sensitive data taken, including names, addresses, Social Security numbers, dates of birth, and the Comcast account numbers and ID numbers used internally at FBCS.

One intriguing point appears to be that the affected users were apparently Comcast customers around 2021, which is somewhat odd, since FBCS wasn’t a Comcast client at that time, and wouldn't be for another year.

FBCS is a debt collection firm, which Comcast allegedly used until 2020, also offering account management, financial advisory, credit solutions, and payment processing services.

After learning of the incident, Comcast started notifying its customers, and sent out a data breach notification letter, stating it will cover the expenses of identity theft protection services, since the FBCS allegedly cannot afford it. It also said that the firm notified the FBI of the intrusion.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Despite this being a major ransomware attack against a large enterprise, with millions of victims, no threat actor has yet claimed responsibility.

To make matters worse, Comcast was not the only company affected by the FBCS attack. BleepingComputer reports that Truist Bank was also a victim, but this firm did not say how many of its customers lost their data.

Via The Register

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article