A recent court filing by Comcast is claiming that over 230,000 customers' personal data was affected by a data breach of a third-party debt collector that serves on behalf of Comcast.
The filing, spotted by Engadget, revealed that 237,703 customers were hit by the hack.
Way back in February of 2024, a Pennsylvania-based debt collection agency, Financial Business and Consumer Solutions (FBCS), was hit by a ransomware attack. The agency services debt collection for cable giant Comcast, and initially told Comcast that no customer data was affected in the breach.
However, FBCS changed their tune in July when it was reported by TechCrunch that the company notified Comcast saying the personal customer information had been compromised.
According to the reports, the bad actors were able to hoover up addresses, dates of birth, ID numbers, Social Security numbers, names and Comcast account numbers. Apparently, the stolen data belongs to customers who signed up with Comcast "around 2021." Comcast claims that they no longer use FBCS for debt collection.
“From February 14 and February 26, 2024, an unauthorized party gained access to FBCS’s computer network and some of its computers,” the filing states. “During this time, the unauthorized party downloaded data from FBCS systems and encrypted some systems as part of a ransomware attack.
“From February 14 and February 26, 2024, an unauthorized party gained access to FBCS’s computer network and some of its computers. During this time, the unauthorized party downloaded data from FBCS systems and encrypted some systems as part of a ransomware attack," FBCS told Comcast according to the court filings.
At this time, it's not known who attacked FBCS' systems, with the debt collector calling them an "unauthorized actor." Apparently, over 4 million people were impacted overall by the breach, beyond just Comcast customers. The collector has said that medical claims, health insurance information and other IDing data was also stolen.
It's disheartening that hackers targeted a debt collection agency as the people in their systems can least afford to have their information stolen or ransomed.