Millions more victims exposed in debt collection agency data breach

Financial Business and Consumer Solutions breach is much bigger than thought

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The recentdata breach at debt collection agency Financial Business and Consumer Solutions (FBCS)was a lot bigger than initially thought, the company has revealed.

After first reporting some 1.9 million victims were affected in the incident, the company now says the actual number may be more than 4.2 million.

In late April 2024, it was reported that FBCS suffered a cyberattack two months prior, with the company noting in a breach notification letter sent to affected customers an unnamed threat actor dwelled in its IT systems for two weeks, harvesting people’s full names, social security numbers (SSN), birth dates, account information, driver’s license numbers, and ID card numbers.

Using the stolen files

Now, however, the company has issued a new supplemental notice with the Office of the Maine Attorney General increasing the number of affected people to 4,253,394 individuals.

The company started notifying the additional people, warning them of potential risks of phishing, identity theft, and online fraud. Furthermore, FBCS is offering two years of free credit and identity theft monitoring via CyEx. The same type of information was stolen on all individuals.

It is still unknown who pulled off the heist, since no hacking collectives assumed responsibility for the attack, nor did anyone find the database leaking anywhere on the dark web. Usually, threat actors would reach out to victim organizations and try to extort money, in exchange for deleting the archives.

If that fails, they would turn to the dark web, in an attempt to sell the archive to the highest bidder. Actively used email addresses, as well as personally identifiable information (PII), is valuable data that can be used in phishing, or even ransomware attacks.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Ultimately, if no other options bear fruit, the hackers can always leak it online to improve their credibility in the cybercriminal community.

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Rising AI threats are making firms turn back to human intelligence

Thousands of employees could be falling victim to obvious phishing scams every month

Warhammer 40,000: Darktide is coming to PS5 with PS5 Pro support at launch