Comcast data breach exposed thousands of SSNs

The Comcast data breach has exposed the personal information of over 237,700 customers, including names, addresses, social security numbers, and birthdates. The breach originated from a security incident at Financial Business and Consumer Solutions (FBCS), a debt collection agency previously utilized by Comcast, according to a report filed with the state of Maine.

FBCS disclosed that the breach occurred in February 2024, compromising the sensitive information of more than 4.2 million individuals. In July, FBCS notified Comcast that their customer data had also been affected, revealing that an “unauthorized party” had downloaded information from FBCS’s systems and encrypted portions of its network as part of a ransomware attack.

Comcast clarified that the data exposed in this breach dates back to around 2021, despite having ended its business relationship with FBCS in 2020. Additionally, Truist Bank reported that some of its customers were also impacted by the FBCS breach. In response, Comcast is offering identity theft protection and credit monitoring services to those affected by the incident.

What type of sensitive data was exposed in the Comcast breach?

The data breach involving Comcast exposed highly sensitive personal information, including customer names, addresses, social security numbers, and birthdates. This type of data is particularly concerning because it opens the door to identity theft and fraud, making it crucial for affected individuals to take immediate protective measures. With over 237,700 Comcast customers affected, the breach has raised serious concerns about the security of consumer data and the long-term impact on privacy.

How did the breach at FBCS impact Comcast customers?

The security breach at Financial Business and Consumer Solutions (FBCS), a debt collection agency Comcast used previously, directly impacted over 237,700 Comcast customers. As part of the breach, an unauthorized party accessed and downloaded sensitive information from FBCS’s systems, potentially putting customers at risk of identity theft. While Comcast had ceased its partnership with FBCS in 2020, customer data dating back to 2021 remained vulnerable and was part of the compromised information. In response, Comcast is offering identity theft protection and credit monitoring services to all affected individuals, aiming to mitigate the risks stemming from the breach.

Although the breach occurred in February 2024, FBCS did not notify Comcast until July 2024 When did FBCS inform Comcast about the data breach?

Although the breach occurred in February 2024, FBCS did not notify Comcast until July 2024, a significant delay in reporting the incident. This delay is critical, as it left Comcast customers’ sensitive information exposed for several months before any protective measures could be put in place. The late notification also raises questions about FBCS’s internal processes for detecting and reporting security breaches, as well as how quickly affected parties can respond to potential harm.

What caused the FBCS security breach?

The breach at FBCS was the result of a ransomware attack. During the incident, an unauthorized party managed to infiltrate FBCS’s systems, where they downloaded data and encrypted parts of the system. This type of attack not only involves the theft of sensitive data but also disrupts the victim’s operations by making critical information inaccessible unless a ransom is paid. The attack highlights the growing threat posed by ransomware to organizations that store large amounts of personal data, as well as the need for robust cybersecurity measures to prevent such incidents.

The Comcast data breach has exposed the personal information of over 237,700 customers How long has the exposed Comcast data been stored with FBCS?

Although Comcast stopped using FBCS’s services in 2020, the data that was exposed during the breach dates from around 2021. This indicates that the sensitive information of Comcast customers was still in FBCS’s possession, despite the end of their business relationship. The retention of this data beyond the termination of services raises questions about data management practices and the responsibilities of companies to safeguard customer information even after their partnership has ended.

Both Comcast and its customers are now facing the fallout of these vulnerabilities.

Image credits: Kerem Gülen/Midjourney