Advertisement

Comcast says 230,000 customers affected by debt collection data breach

The bad actors obtained names, addresses, Social Security numbers, dates of birth, account numbers and more.

Flickr/Mike Mozart

Comcast is warning that hackers stole the personal data of more than 230,000 customers during a ransomware attack on a third-party debt collector, according to a court filing. The bad actors targeted a Pennsylvania-based debt collection agency called Financial Business and Consumer Solutions (FBCS.)

The attack occurred back in February, but Comcast claims that FBCS initially said that the incident didn’t involve any customer data. FBCS changed its tune by July, when it notified Comcast that customer information had been compromised, according to reporting by TechCrunch.

All told, 237,703 subscribers were impacted by the breach. The attackers were thorough, scooping up names, addresses, Social Security numbers, dates of birth, Comcast account numbers and ID numbers. Comcast says the stolen data belongs to customers who signed up with the company “around 2021.” It also says it has stopped using FBCS for the purposes of debt collection.

“From February 14 and February 26, 2024, an unauthorized party gained access to FBCS’s computer network and some of its computers,” the filing states. “During this time, the unauthorized party downloaded data from FBCS systems and encrypted some systems as part of a ransomware attack.”

No group has stepped forward to claim credit for the incident. FBCS has only referred to the attacker as an “unauthorized actor.” The debt collection agency was hit hard by this attack, with Comcast customers being just one group of victims. The company says more than four million people were impacted and that the cybercriminals accessed medical claims and health insurance information, in addition to standard identification data.

To that end, medical debt-purchasing company CF Medical confirmed that 600,000 of its customers were involved in the breach. Truist Bank also confirmed it was affected by the attack.

It’s notable that this incident primarily impacts debtors, opening them up to potential scams. Chris Hauk, consumer privacy advocate at Pixel Privacy, told Engadget that “the bad actors that get their paws on this information may use it to pose as debt relief agencies, which many turn to as a way out of their situation, meaning many of the involved debtors may be defrauded out of large sums of money, something they can ill-afford.”

In other words, keep an eye out for suspicious phone calls, emails and texts. This is good advice for anyone, and not just debtors who had data stored with FBCS. After all, it was revealed that hackers stole more than 2.7 billion records from American consumers earlier this year, which likely includes data on everyone who lives in the country.