Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Data breach at US debt collector exposes over a million users

An abstract image of a magnifying glass over a digital cloud.

NCB Management Services, a debt collecting company from the United States, has suffered what appears to be a ransomware attack in early February 2023 that left the data of over a million people exposed.

Based on breach notification letters sent to affected parties, as well as the filing it submitted with the Maine Attorney General, some 1.1 million people were affected by the breach.

“Recently, confidential client account information maintained by NCB was accessed by an unauthorized party. To date, we are unaware of any misuse of your information as a result of this incident,” NCB said in the letter to its users. 

Paying the ransom

It took the company some three days to realize they had been breached. From that point, until April 19, NCB was engaged in forensic analysis, trying to understand which types of data were accessed. It later learned that the attackers stole financial account numbers or payment card numbers “in combination with security code, access code, password or PIN for the account.”

The company also hints that it paid the ransom, as it stated that it “obtained assurances that the unauthorized third party no longer has access to any of NCB’s data.”

Regardless, NCB said it will provide its users with up to two years of free identity theft monitoring services.

“In addition to activating the complimentary services offered, we recommend you review your credit reports and account statements over the next 12 to 24 months and notify your financial institution of any unauthorized transactions or incidents of suspected identity theft,” NCB said.

Cybercriminals usually steal sensitive data in order to sell it on the black market, or use it to run phishing campaigns, identity theft, wire fraud, and other forms of cybercrime. Companies are urged not to pay the ransom demand, as there are no guarantees they’ll remain safe, or get their data back. The only thing they can be sure of is that they’ll fund another round of cybercrime. 

Via: Cybernews

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.