A ransomware attack on a third-party vendor has compromised the sensitive personal information of over 237,000 Comcast customers.
A ransomware attack on Financial Business and Consumer Solutions (FBCS), a debt collection agency formerly used by Comcast, occurred in February 2024, compromising a database containing sensitive information such as names, addresses, social security numbers, dates of birth, and Comcast account details.
FBCS informed Comcast in March 2024 that an exhaustive review revealed no unauthorized access to customer information during the breach. Despite initial denials, FBCS ultimately acknowledged in July that an unauthorized entity had gained access to sensitive customer data during the cyberattack, compromising more than 4 million individuals’ personal information.
Clients of FBCS, whose own customers’ personal data had been breached, were further notified by the company that sensitive information such as medical insurance details and medical claims had also been compromised.
Four months after the initial disclosure, Comcast has expanded on the scope of the data breach, revealing that an additional 237,703 individuals have been affected.
Comcast reveals that a ransomware attack led to the theft of information from Pennsylvania-based FBCS, a fact not disclosed by FBCS in its own advisories regarding the breach.
Between February 14 and February 26, 2024, an unidentified individual breached the computer network of FBCS, gaining access to several computer systems without authorization. During this period, an unauthorized entity exploited vulnerabilities in FBCS systems to download sensitive data and encrypt certain files as part of a sophisticated ransomware attack.
No ransomware group appears to have taken credit for the attack on FBCS.
Concerns are likely to arise regarding how long it took FBCS to notify Comcast about the security breach, as well as the time that elapsed before affected Comcast customers were informed.
Following the termination of Comcast's partnership with FBCS in 2020, revelations emerged circa 2021. Affected individuals are typically offered identity theft protection services and credit monitoring programs as a result of such data breaches.
Customers whose sensitive personal information has been compromised by cybercriminals may harbor a lasting distrust of Comcast, despite the fact that it was a former supplier that actually bore responsibility for the breach.
As organizations continue to grapple with the arduous task of securing their own digital assets, they must also prioritize the cybersecurity preparedness of their suppliers and partners. At the end of the day, when things go wrong, customers are left wondering whether your brand is the culprit behind their frustration, rather than the vendor that was trusted to handle their data securely.