U.S. telecom giant Comcast as well as Truist Bank and Capio & CF Medical are the latest companies to be hit with a data leak, but it’s not their fault. The data leak stems from the Financial Business and Consumer Solutions (FBCS) breach in February. Some 237,000 Comcast customers’ personal information was exposed, including people’s names, addresses, Social Security numbers, birth dates as well as Comcast account and ID numbers.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
What you need to know
A data breach has exposed the names, addresses, Social Security numbers and birth dates of more than 237,700 Comcast customers, according to a filing with the state of Maine on Friday, as reported by BleepingComputer. The breach stems from a security incident at Financial Business and Consumer Solutions (FBCS), a Pennsylvania-based debt collection agency previously used by Comcast.
FBCS first informed Comcast in March that the security incident did not involve any customer data. However, in July, FBCS notified the telecom giant that its customer data had, in fact, been compromised, stating that an “unauthorized party downloaded data from FBCS systems and encrypted some systems as part of a ransomware attack.”
The stolen data belongs to customers who signed up “around 2021,” Comcast says, adding that it stopped using FBCS for debt collection in 2020. FBCS hasn’t shared the details of its security incident yet, but Comcast’s filing confirms it was a ransomware attack, a type of cyberattack where hackers hold the data and demand a ransom to either delete it or give it back.
MASSIVE FREE VPN DATA BREACH EXPOSES 360 MILLION RECORDS
The FBCS attack that started it all
As I reported back in June, the FBCS cyberattack happened on Feb. 14 when hackers accessed the company’s systems. FBCS didn’t realize there had been a breach until Feb. 26, and when it did, it described the incident as “unauthorized access to certain systems in its network.”
Initially, the company estimated that around 1.9 million people were affected, but that number jumped to 4 million in June 2024. The data breach leaked a massive amount of consumer information, including full names, Social Security numbers, birth dates and driver’s license or ID card numbers.
Since FBCS provides services to multiple companies, their customers’ data got mixed up in the leak. So, even if you have nothing to do with FBCS, your info might still be out there. Along with Comcast, Truist Bank – one of the largest banks in the U.S. – and CF Medical, a medical debt-purchasing company known as Capio, have also been affected. As a result of this incident, Comast is offering credit monitoring for one year to customers who were affected.
HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS
6 ways to protect yourself from data breaches
If you’ve been affected by the Comcast breach, follow these steps to protect your personal data and privacy.
1) Invest in identity theft protection: If you think your personal data has been leaked, scammers may try to impersonate you to gain access to your private information. The best thing you can do to protect yourself from this type of fraud is to subscribe to an identity theft service.
Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.
2) Place a fraud alert: If you suspect you are a victim, contact the three major credit reporting agencies (Equifax, Experian or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification. Comcast is offering a year of free credit monitoring for those who may have been impacted through data breach response firm CyEx.
3) Be cautious of phishing attempts: Be vigilant about emails, phone calls or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.
4) Check Social Security benefits: It is crucial to periodically check your Social Security benefits to ensure they have not been tampered with or altered in any way, safeguarding your financial security and preventing potential fraud.
5) Beware of snail mail: With all the data leaks happening, it’s more important than ever to keep an eye on your physical mail. Hackers can get their hands on sensitive information, and that can lead to identity theft or fraud. Be on the lookout for any unexpected letters or packages, especially if they ask for personal info or seem suspicious.
6) Invest in a data removal service: Consider using a data removal service that specializes in eliminating your personal information from online databases and people-search websites. These services can help reduce your digital footprint and make it more difficult for identity thieves to access your information. By proactively removing your data from public view, you can enhance your privacy and security in the wake of a breach like the one experienced by Comcast.
These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here.
WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM
Kurt’s key takeaway
The FBCS data breach affected Comcast, Truist and CF Medical, and these are just the names we know of. The total number of affected users is above four million, which means we might hear of more companies whose customers’ data has been leaked due to FBCS. Since it’s a ransomware attack, FBCS might have to pay the hackers a hefty ransom to get the data back or deleted; otherwise, it could end up in the hands of dark web scammers and other data aggregators.
Do you think companies like FBCS should be held accountable for breaches that affect their clients’ customers? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2024 CyberGuy.com. All rights reserved.