A massive data breach has hit Financial Business and Consumer Solutions (FBCS), a debt collection agency, exposing the personal information of millions of Americans. FBCS specializes in recovering charged-off consumer and commercial debts, such as car loans, healthcare bills, utility bills, student loans, and credit cards.
Initially, around 1.9 million individuals were reported affected by the breach, but this number was raised to 3 million in June 2024. The breach has leaked sensitive consumer data, including full names, Social Security numbers (SSNs), dates of birth, and driver’s license or ID card numbers. FBCS has notified the affected individuals and relevant authorities.
According to a data breach notification shared with authorities, threat actors accessed FBCS' systems on Valentine's Day, but the breach wasn't detected until February 26. FBCS described the incident as "unauthorized access to certain systems in its network."
Worryingly, FBCS did not send out notifications about the breach until late April. The company clarified that this delay was not due to a law enforcement investigation but because they were conducting their own probe while notifying federal authorities.
The notification revealed that the leaked information could include names, addresses, dates of birth, Social Security numbers, driver’s licenses, state IDs, medical claim information, and medical records. However, FBCS noted that not all affected individuals would have all of this information exposed.
In response to the breach, FBCS has taken several measures. "Upon discovering this incident, we immediately took steps to conduct a diligent investigation to confirm the nature and scope of the incident. As part of FBCS’s ongoing commitment to the security of information on our platform, we also implemented additional safeguards in a newly built environment," the company stated in the notification.
FBCS is also offering affected individuals a free 24-month credit monitoring and identity restoration service. Given the increased risk of phishing, identity theft, and other social engineering attacks following this breach, individuals are advised to be cautious about sharing information and to closely monitor their bank account activity for any suspicious transactions.