Hands holding a bunch of US dollars

Comcast and Truist Bank customers impacted by debt collector’s breach

A data breach at Financial Business and Consumer Solutions (FBCS), a US debt collection agency, has led to the loss of data of some Comcast Cable Communications and Truist Bank customers.

FBCS is in the business of collecting unpaid debts on behalf of its customers. The data breach occurred in February 2024 and the cybercriminals responsible for the incident gained access to:

  • Full names
  • Social Security Numbers (SSNs)
  • Date of birth
  • Account information and other provider information
  • ID card and/or driver’s license
  • Other state identification number
  • Medical claims information
  • Clinical information (including diagnosis/conditions, medications, and other treatment information), and/or health insurance information.

FBCS discovered the unauthorized access to certain systems in its network on February 26, 2024.

The latest count of impacted people, established in July, increased the number of people in the US impacted by the data breach from the original 1.9 million to 4.2 million people.

As part of the ongoing investigation, FBCS recently informed additional customers that the breach had impacted them and their clients. Among those customers are Comcast and Truist Bank.

Comcast commented that FBCS originally reassured the company that the breach involved none of Comcast’s customer data. However, that subsequently had to be revoked. According to a notice submitted to the Maine authorities, 273,703 Comcast customers were impacted by the breach.

Apparently, due to FBCS’s worsening financial position, which could be a direct result of the breach, entities indirectly impacted by the incident will have to undertake the notification and remediation processes themselves. Comcast is offering customers impacted by the FBCS breach 12 months of free-of-charge identity theft protection services.

Unfortunately, it’s not the first or even the worst time Comcast customers have been affected by a data breach.

In January 2023, data belonging to 7,358,464 Comcast customers was leaked on a hacking forum. The data contained names, usernames and additional personal information.

And in November 2015, a cybercriminal offered to sell listed 590,000 Comcast user account information for $1,000 on the Dark Web. At the time Comcast insisted that there was no breach and that only 200,000 of the leaked were active customers, and it was unclear if the data leak was indeed a security breach or a result of years of phishing.

Truist customers have also been impacted before. In October 2023, data reported to belong to Truist Bank, was stolen during a cyberincident. The stolen data included email addresses, phone numbers, birth dates, bank information, full names, company names, physical addresses, credit card information, and more. Like the Comcast breach, this data was publicly shared on the internet.

Scan for your exposed personal data

It’s always extra painful when a company you have done no direct business with has leaked your personal data. Sadly these days you can’t know who has your data, but you can check what personal information of yours has been exposed online with our Digital Footprint portal. Just enter your email address (it’s best to submit the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report.


We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.