Comcast says data of 230,000 customers stolen in ransomware attack
What's the story
US telecommunications giant, Comcast, has warned about a major data breach.
The incident took place during a ransomware attack on Financial Business and Consumer Solutions (FBCS), a third-party debt collection agency that was once used by Comcast.
The breach led to the theft of personal information of over 230,000 customers who were registered around 2021.
Information leak
Initial denial and subsequent confirmation
The cyberattack on FBCS occurred in February 2024.
Initially, in March, FBCS assured Comcast that no customer data was compromised during the security incident.
However, by July, FBCS had to admit that Comcast's customer data had indeed been breached.
The compromised information includes names, addresses, Social Security numbers, dates of birth as well as Comcast account and ID numbers.
Service termination
Comcast ceased using services in 2020
The exact nature of the security incident at FBCS remains undisclosed. However, Comcast's filing with Maine's Attorney General said it was a ransomware attack.
The filing stated, "An unauthorized party gained access to FBCS's computer network and some of its computers" between February 14 and February 26, 2024.
Widespread impact
FBCS breach impacts over 4 million people
The FBCS data breach had a far-reaching impact, affecting over four million people. In some cases, attackers even accessed medical claims and health insurance information.
CF Medical, a medical debt-purchasing company (also known as Capio), confirmed that customer health information was stolen due to the FBCS breach.
In September 2024, CF Medical reported that personal and health information of over 620,000 individuals had been stolen.
Bank breach
Truist Bank also affected by FBCS data breach
Truist Bank, one of the biggest banks in the US, has also confirmed its impact from the FBCS data breach.
The bank has not revealed how many of its 10 million customers were affected. However, it warned that attackers accessed names, addresses, account numbers, dates of birth as well as Social Security numbers.
This further underscores the severity and wide-reaching consequences of the ransomware attack on FBCS.