An American debt collection agency suffered a data breach at the end of February, resulting in the loss of sensitive data of almost two million people.
Earlier this week, Financial Business and Consumer Solutions (FBCS) sent a data breach notification letter to affected customers, explaining that unauthorized third parties gained access to its systems on February 14, 2024 and remained there until detected on February 26 and expelled.
During these two weeks, the unnamed threat actors collected sensitive information on nearly two million people (1,955,385), including full names, Social Security Numbers (SSN), dates of birth, account information, driver’s license numbers, and ID card numbers. All affected individuals are US citizens.
Next steps
There was no word on who the attackers were, how they gained access to the company’s infrastructure (whether through software vulnerabilities or credential phishing), or whether they demanded payment to keep the data private. No hacking group has taken responsibility for the breach.
FBCS explained the next steps and said it will do the usual: analyze the incident, tighten security, provide identity protection and credit monitoring to affected individuals and, ironically, provide advice on how to better protect themselves against identity theft and fraud.
“Furthermore, FBCS has notified federal law enforcement of the event. FBCS is also working to implement additional safeguards in a newly built environment,” the letter said.
“FBCS is providing access to credit monitoring services through Cyex for twelve months to individuals whose personal information may have been affected by this incident, at no cost to those individuals. In addition, FBCS provides affected individuals with advice on how to better protect themselves against identity theft and fraud, including advising individuals to report suspected incidents of identity theft or fraud to their credit card company and/or bank.”