Data breach at FBCS affects over 4.2 million individuals

The data breach at Financial Business and Consumer Solutions (FBCS) has impacted more individuals than initially reported. The debt collection agency now states that over 4.2 million individuals have been affected, a significant increase from the previously reported 1.9 million.

The cyberattack, which occurred in late February 2024, compromised sensitive customer data. According to a breach notification letter sent in February, the attack saw an unnamed threat actor gain access to FBCS’s IT systems for two weeks. During this time, the intruder harvested extensive personal information, including full names, social security numbers (SSN), birth dates, account information, driver’s license numbers, and ID card numbers, affecting only U.S. citizens.

Last week, FBCS issued a supplemental notice to the Office of the Maine Attorney General, as reported by BleepingComputer, increasing the number of affected individuals to 4,253,394. The company has started notifying the additional victims, warning them of potential risks such as phishing, identity theft, and online fraud. FBCS is offering two years of free credit and identity theft monitoring through CyEx to mitigate these risks.

The perpetrators behind the breach remain unidentified, and no hacking groups have claimed responsibility. Furthermore, there has been no indication that the stolen database appears on the dark web. Threat actors would either attempt to extort money from the victim organization or sell the stolen data online. The compromised information, including active email addresses and personally identifiable information (PII), holds significant value and can be exploited in phishing or ransomware attacks.