FBCS debt collector data breach of 5 million+ records caused by ransomware attack, Comcast says

Financial Business and Consumer Solutions was the victim of a ransomware attack that compromised the personal data of more than 5 million people, according to a data breach notice sent to Comcast customers this week.

FBCS previously labelled the attack as a general data breach and notified 1.9 million people in April 2024. The breach also affected customers of two FBCS clients: Comcast Cable Communications and CF Medical. Comcast notified an additional 237,703 victims in August, and CF Medical notified 626,396 victims in September.

The notice from FBCS states, “The investigation determined that the environment was subject to unauthorized access between February 14 and February 26, 2024, and the unauthorized actor had the ability to view or acquire certain information on the FBCS network during the period of access.”

FBCS has revised the number of victims multiple times, more than doubling the number of people notified since the company first disclosed the breach in April 2024. In total, 5,117,493 people have been notified of the breach as of time of writing.

The data breach compromised names, Social Security numbers, dates of birth, account information, and medical information.

Comcast’s notice stated the data breach at FBCS was the result of a ransomware attack. No ransomware group has claimed responsibility as of time of writing.

Comcast’s notice states, “On March 13, 2024, FBCS notified Comcast that it had experienced a data breach incident, but that Comcast consumer data was not impacted. However, on July 17, 2024, FBCS notified Comcast of its new finding that Comcast data was impacted. FBCS provided the following information: ‘[f]rom February 14 and February 26, 2024, an unauthorized party gained access to FBCS’s computer network and some of its computers. During this time, the unauthorized party downloaded data from FBCS systems and encrypted some systems as part of a ransomware attack.’”

FBCS, Comcast, and CF Medical are all offering victims 12 months of free credit monitoring via Cyex. Given the nature of FBCS’ business, victims should be on high alert for phishing messages and identity theft scams sent from cybercriminals posing as FBCS, one of its clients, or a related company.

We do not yet know how much ransom was demanded, if FBCS paid it, or how attackers breached FBCS’ network. Comparitech contacted FBCS for comment and will update this article if it responds.

Ransomware attacks on US finance

Ransomware attacks on finance companies can steal confidential data and disrupt operations that lead to delays and data loss. Aside from data theft, ransomware often encrypts affected systems so they can’t be used until a ransom is paid to decrypt them. Ransomware groups demand additional ransom be paid in exchange for not selling or publicly releasing stolen data.

In 2024 so far, Comparitech researchers logged 31 confirmed ransomware attacks on US finance companies, affecting 33.6 million records. That’s fewer attacks but more records affected than in 2023, which saw 58 attacks affect 10.9 million records for the entire year.

Another 96 such attacks were claimed by ransomware groups but not acknowledged by targets in 2024.

Other ransomware attacks on US financial companies in recent days include those on Central Securities Corporation; Feldstein & Stewart CPAs; and Wright, Moore, DeHart, Dupuis & Hutchinson.

About FBCS

FBCS is a debt collector used by companies like Comcast and CF Medical to collect unpaid debts from customers. Its other clients include businesses in healthcare, auto finance, education, utilities, and consumer credit.

FBCS was founded in 1982 as Federal Bond Collection Services and changed its name in 2014 to Financial Business and Consumer Solutions. The company is based in Hatboro, Pennsylvania, a suburb of Philadelphia.