A data breach affecting debt collection agency Financial Business and Consumer Solutions (FBCS) has affected telecom giant Comcast Cable Communications.
FBCS says threat actors breached its network between February 14 and February 26, 2024, stole personal, account, and government-issued information, and deployed ransomware.
“During this time, the unauthorized party downloaded data from FBCS systems and encrypted some systems as part of a ransomware attack.”
The leak was initially believed to affect 1.9 million but a subsequent assessment in July increased the number to 4.2 million. Besides Comcast, the third-party ransomware attack also affected Truist Bank and CF Medical.
FBCS debt collection agency data breach impacts Comcast
Earlier, FBCS assured Comcast that the data breach did not affect customer information. A new data breach notification FBCS filed with the Office of the Maine Attorney General now says that 273,703 Comcast customers were impacted.
Although the leaked details varied by individual, they included the victims’ full names, dates of birth, Driver’s license numbers or IDs, Social Security Numbers (SSNs), and FBCS account IDs.
While Comcast terminated its working relationship with the debt collection agency in 2020, the leaked personal information dated as recently as 2021.
“The compromised information about you dates from around 2021, as FBCS is subject to data retention requirements beyond Comcast’s working relationship with FBCS,” the debt collection agency explained.
FBCS said it alerted Comcast of the data breach on July 17, 2024, and the duo started working together to understand the incident and notify relevant authorities. Therefore, an ongoing law enforcement investigation was not the reason for the delayed notification, FBCS said.
The Pennsylvania-based debt collection agency has as yet found no evidence that the threat actor misused the stolen information.
Nonetheless, it offered Comcast customers 12 months of complimentary credit monitoring through CyEx Identity Defense Complete as a precaution.
Meanwhile, the telecom giant faces a class action lawsuit from the FBCS data breach. A lawsuit filed in the US Eastern District of Pennsylvania accuses Comcast of failing to protect its customer information by as much as redacting personal details, properly vet FBCS, or warn class members of the debt collection agency’s “inadequate” security practices.
Comcast has experienced worse data breaches in the past. In late 2023, Comcast doing business as Xfinity learned it leaked the personal information of over 35 million people after hackers exploited a patched Citrix Bleed vulnerability CVE-2023-4966.

FBCS data breach also affects Truist Bank
The debt collection agency also notified California’s Office of the Attorney General that the data breach affected an unspecified number of Truist Bank customers and leaked personal information that varies by individual.
Impacted Truist Bank customers will benefit from 24 months of complimentary identity theft protection via Experian’s CSIdentity service.
The debt collector also advised impacted individuals to take additional steps to protect themselves from fraud by monitoring financial statements and credit reports.
FBCS data breach affects 620,000 CF Medical customers
In September 2024, CF Medical also confirmed the FBCS data breach exposed the personal and medical information of 620,000 customers.
Without disclosing the affected organization, FBCS said the data breach leaked protected health information, including clinical information such as diagnosis/medical conditions, medications, and treatment information. Insurance details such as medical claims, provider information, and health insurance information were also exposed.
CF Medical customers received notifications on September 26 and some victims were offered 12 months of identity theft protection.
Meanwhile, the Pennsylvania-based debt collection agency has clarified that the cybersecurity incident did not affect Comcast, Truist Bank, or CF Medical’s internal systems.