Hands holding a bunch of US dollars

Debt collection agency FBCS leaks information of 3 million US citizens

The US debt collection agency Financial Business and Consumer Solutions (FBCS) has filed a data breach notification, listing the the total number of people affected as 3,226,631.

FBCS is a nationally licensed, third-party collection agency that collects commercial and consumer debts, with most of its activity involving the recovery of consumer debts on behalf of creditors. According to the official statement provided by FBCS, the exposed data includes:

  • Full names
  • Social security numbers
  • Birth dates
  • Account information
  • Drivers license or other state ID numbers

In some cases, it also includes medical claims information, provider information, and clinical information (including diagnosis/conditions, medications, and other treatment information), and/or health insurance information.

FBCS has sent data breach notifications to those affected, detailing what data was compromised and offering 12 months of free credit monitoring.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Scan for your exposed personal data

You can check what personal information of yours has been exposed online with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.


Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.