Comcast and Truist Bank disclose data breach linked to debt collection agency FBCS

Comcast Cable Communications and Truist Bank have notified customers that their data has been compromised following a breach at Financial Business and Consumer Solutions (FBCS), a U.S.-based debt collection agency. This breach, which occurred between February 14 and February 26, 2024, has continued to expand in scope, now affecting an estimated 4.2 million individuals, up from the initially reported 1.9 million.

FBCS, which partners with various companies to collect unpaid debts, discovered that threat actors infiltrated its network, stealing sensitive customer information, including full names, Social Security numbers, dates of birth, account details, and driver’s license or ID card numbers. Despite assurances earlier this year that Comcast customer data was unaffected, FBCS later notified the telecom giant in July that its customer data had been exposed. The breach affected approximately 273,703 Comcast customers.

Comcast customers have been informed that the stolen data includes names, addresses, Social Security numbers, birthdates, account numbers, and internal identification numbers used by FBCS. While FBCS has indicated no evidence of misuse of the compromised information so far, Comcast has offered affected individuals 12 months of free identity theft protection services.

Truist Bank, one of the largest banks in the U.S., also confirmed that its customers were affected by the FBCS breach. The bank began notifying customers in September, though the exact number of those impacted remains undisclosed. The stolen data for Truist customers may include names, addresses, account numbers, birthdates, and Social Security numbers. Truist Bank was involved in a separate breach in October 2023, where stolen customer data was leaked on a hacking forum.