An American debt collection agency suffered a data breach in late February, losing sensitive data belonging to almost two million people.
Earlier this week, Financial Business and Consumer Solutions (FBCS) sent a data breach notification letter to affected customers, explaining that unauthorized third parties accessed its systems on February 14, 2024, and remained there until being spotted, and ousted, on February 26.
During these two weeks, the unnamed threat actors harvested sensitive information on almost two million people (1,955,385), including full names, social security numbers (SSN), birth dates, account information, driver’s license numbers, and ID card numbers. All affected individuals are U.S. citizens.
Next steps
There was no word on who the attackers were, how they accessed company infrastructure (whether it was via software vulnerabilities or credential phishing), or if they demanded payment to keep the data private. No hacking groups have taken responsibility for the breach.
Explaining its next steps, FBCS said it will do the usual – analyze the incident, tighten up on security, offer identity protection and credit monitoring to affected individuals and, ironically enough, provide guidance on how to better protect against identity theft and fraud.
“Further, FBCS notified federal law enforcement regarding the event. FBCS is also working to implement additional safeguards in a newly built environment,” the letter reads.
“FBCS is providing access to credit monitoring services for twelve months, through Cyex, to individuals whose personal information was potentially affected by this incident, at no cost to these individuals. Additionally, FBCS is providing impacted individuals with guidance on how to better protect against identity theft and fraud, including advising individuals to report any suspected incidents of identity theft or fraud to their credit card company and/or bank.”