Comcast Cable Communications and Truist Bank have confirmed that their customers’ personal data was compromised following a security breach at Financial Business and Consumer Solutions (FBCS), a US debt collection agency. Both companies have started notifying affected individuals.
The breach occurred within FBCS, which provides debt collection services for various organisations. In April 2024, FBCS publicly disclosed that its systems had been compromised by cybercriminals between 14 February and 26 February 2024. During this time, unauthorised individuals gained access to FBCS’s network, stealing sensitive information from the agency’s digital records.
Ripples from FBCS breach
Originally, it was reported that 1.9 million individuals were affected by the breach. However, ongoing investigations revealed the number to be 3.2 million by June and later 4.2 million by July. As the investigation continues, additional companies, including Comcast and Truist Bank, have been informed that they were impacted.
As a result of these financial difficulties FBCS is facing following the breach the responsibility for notifying affected customers and addressing the aftermath has shifted to the companies that were indirectly impacted by the incident.
Comcast was initially told by FBCS in March that its customers were not impacted by the incident. However, on 17 July, FBCS notified the telecommunications and media conglomerate that customer data had indeed been compromised. A filing submitted to authorities in Maine confirmed that 273,703 Comcast customers were affected by the breach.
A notice sent to Comcast customers outlined that the information accessed by the attackers included names, addresses, Social Security numbers, dates of birth, and internal account identifiers from both Comcast and FBCS systems.
The notice also stated that FBCS had found no evidence suggesting that the stolen data had been further misused.
Similarly, Truist Bank has begun issuing notifications to its customers regarding the same FBCS breach. The US-based bank sent letters to impacted individuals in mid-September. A copy of the letter was also filed with Californian authorities.
According to Truist Bank’s customer communication, the type of data compromised in the breach varied by individual but may have included names, addresses, account numbers, dates of birth, and Social Security numbers.
With more than 2,700 branches across 15 states and a workforce of 40,000, Truist Bank’s exposure to the breach could involve a substantial number of customers, though the exact figure remains undisclosed.
This breach follows a separate incident at Truist Bank, confirmed in June, which occurred in October 2023 when cybercriminals released stolen data on a hacking forum.
In August 2024, Patelco Credit Union, a Northern California-based financial institution, confirmed that it experienced a major data breach affecting 726,000 individuals. The breach occurred because of a ransomware attack carried out by the RansomHub group, which successfully accessed and stole sensitive customer information. The compromised data includes full names, Social Security numbers, driver’s licence numbers, dates of birth, and email addresses.