US telecom giant Comcast, along with Truist Bank, Capio, and CF Medical, are the latest companies to be hit with a data leak, but it’s not their fault. The data leak stems from the Financial Business and Consumer Solutions (FBCS) breach in February. 237,000 Comcast customers’ personal information was exposed, including people’s names, addresses, Social Security numbers, birth dates, and Comcast account and ID numbers.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
Comcast
What you need to know
A data breach has exposed the names, addresses, social security numbers, and birthdates of more than 237,700 Comcast customers, according to a filing with the state of Maine on Friday, as reported by BleepingComputer. The breach stems from a security incident at Financial Business and Consumer Solutions (FBCS), a Pennsylvania-based debt collection agency previously used by Comcast.
FBCS first informed Comcast in March that the security incident did not involve any customer data. However, in July, FBCS notified the telecom giant that its customer data had, in fact, been compromised, stating that an “unauthorized party downloaded data from FBCS systems and encrypted some systems as part of a ransomware attack.”
The stolen data belongs to customers who signed up “around 2021,” Comcast says, adding that it stopped using FBCS for debt collection in 2020. FBCS hasn’t shared the details of its security incident yet, but Comcast’s filing confirms it was a ransomware attack — a type of cyberattack where hackers hold onto the data and demand a ransom to either delete it or give it back.
MASSIVE FREE VPN DATA BREACH EXPOSES 360 MILLION RECORDS
The FBCS attack that started it all
As I reported back in June, the FBCS cyberattack happened on February 14 when hackers accessed the company’s systems. FBCS didn’t realize there had been a breach until February 26, and when it did, it described the incident as “unauthorized access to certain systems in its network.”
Initially, the company estimated that around 1.9 million people were affected, but that number jumped to 4 million in June 2024. The data breach leaked a massive amount of consumer information, including full names, Social Security Numbers (SSNs), dates of birth, and driver’s license or ID card numbers.
Since FBCS provides services to multiple companies, their customers’ data got mixed up in the leak. So, even if you have nothing to do with FBCS, your info might still be out there. Along with Comcast, Truist Bank — one of the largest banks in the US — and CF Medical, a medical debt-purchasing company known as Capio, have also been affected. As a result of this incident. Comast is offering credit monitoring for 1 year to customers who were impacted.
FBCS
HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS
6 ways to protect yourself from data breaches
If you’ve been impacted by the Comcast breach, follow these steps to protect your personal data and privacy.
1) Invest in identity theft protection: If you think your personal data has been leaked, scammers may try to impersonate you to gain access to your private information. The best thing you can do to protect yourself from this type of fraud is to subscribe to an identity theft service.
Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
My top recommendation is Identity Guard. One of the best parts of using Identity Guard is that they might include identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
CyberGuy’s Exclusive Offer: Get the Identity Guard Ultra protection to protect your identity and credit for as little as $9.99/mo (lowest offered anywhere) for the first year.
See my tips and best picks on how to protect yourself from identity theft.
2) Place a fraud alert: If you suspect you are a victim, contact the three major credit reporting agencies (Equifax, Experian, or TransUnion) and request a fraud alert to be placed on your credit file. This will make it more difficult for identity thieves to open new accounts in your name without verification. Comcast is offering a year of free credit monitoring for those who may have been impacted through data breach response firm CyEx.
3) Be cautious of phishing attempts: Be vigilant about emails, phone calls, or messages from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
4) Check Social Security benefits: It is crucial to periodically check your Social Security benefits to ensure they have not been tampered with or altered in any way, safeguarding your financial security and preventing potential fraud.
5) Beware of snail mail: With all the data leaks happening, it’s more important than ever to keep an eye on your physical mail. Hackers can get their hands on sensitive information, and that can lead to identity theft or fraud. Be on the lookout for any unexpected letters or packages, especially if they ask for personal info or seem suspicious.
6) Invest in a data removal service: Consider using a data removal service that specializes in eliminating your personal information from online databases and people-search websites. These services can help reduce your digital footprint and make it more difficult for identity thieves to access your information. By proactively removing your data from public view, you can enhance your privacy and security in the wake of a breach like the one experienced by Comcast.
They aren’t cheap – and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.
Special for CyberGuy Readers (60% off): Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 190+ data brokers. You can add up to 3 emails, 3 home addresses and 3 phone numbers (U.S. citizens only) and have them removed from data-broker databases. I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.
Get Incogni for your family (up to 4 people) here
WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM
Kurt’s key takeaway
The FBCS data breach impacted Comcast, Truist, and CF Medical, and these are just the names we know of. The total number of affected users is above four million, which means we might hear of more companies whose customers’ data has been leaked due to FBCS. Since it’s a ransomware attack, FBCS might have to pay the hackers a hefty ransom to get the data back or deleted; otherwise, it could end up in the hands of dark web scammers and other data aggregators.
Do you think companies like FBCS should be held accountable for breaches that impact their clients’ customers? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.