Debt collector FBCS ups cyber incident victim count to over 4.1 million individuals

US debt collection agency Financial Business and Consumer Solutions said it experienced a significant data security incident that compromised the sensitive personal information of more than 4.1 million customers.

 

In a filing with the Office of the Maine Attorney General, FBCS said that on February 26, it identified unauthorised access to its internal network and immediately launched an internal investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“The investigation determined that the environment was subject to unauthorised access between February 14 and February 26, 2024, and the unauthorised actor had the ability to view or acquire certain information on the FBCS network during the period of access,” the company said.

 

The compromised data included names, Social Security numbers, dates of birth, driver’s license numbers, non-driver identification card numbers and account information.

 

FBCS initially revealed that the data security incident impacted 1,955,385 individuals. Later, in multiple filings, FBCS said it identified a total of 4,050,711 individuals who were impacted by the incident.

 

In a fresh filing with the Maine Attorney General on July 17, FBCS again revised the number of affected individuals, stating that it has identified at least 4,171,097 individuals whose data was accessed during the incident.

 

While the collection agency found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

The agency has also offered one year of complimentary identity protection and credit monitoring services through CyEx to all affected individuals.