A significant data breach has impacted Financial Business and Consumer Solutions (FBCS), a debt collection agency, exposing the personal information of millions of Americans. Initially, FBCS estimated that 1.9 million people were affected, but this number rose to three million in June 2024.
On Feb. 26, FBCS discovered unauthorized access to its network systems, which did not affect systems outside of its network.
“Upon discovering this incident, we immediately took steps to secure the impacted environment and launched an investigation with the assistance of third-party computer forensics specialists,” FBCS stated.
The investigation revealed that unauthorized access occurred from Feb. 14 to Feb. 26 allowing the intruder to view or acquire certain information on the FBCS network.
The compromised data includes a wide range of sensitive information such as names, addresses, dates of birth, Social Security numbers, driver’s license numbers, other state identification numbers, medical claims information, provider information, clinical information (including diagnosis, medications, and treatment details), and health insurance information. However, FBCS clarified that the type of information affected varies per individual.
The impacted individuals were not notified until April, however, which is a significant delay.
“This notification was not delayed as a result of a law enforcement investigation,” the company emphasized, explaining that they were conducting their own investigation while notifying federal authorities.
“Upon discovering this incident, we immediately took steps to conduct a diligent investigation to confirm the nature and scope of the incident.”
In response, FBCS has implemented additional safeguards in a newly built environment and is now providing notice to potentially impacted individuals.
The company is also offering affected individuals 24 months of complimentary credit monitoring and identity restoration services to mitigate the risk of identity theft and fraud. This breach increases the risk of phishing, identity theft, and other social engineering attacks.
Affected individuals are advised to be cautious about sharing information and to monitor their bank accounts for suspicious activity.