Debt collection agency Financial Business and Consumer Solutions (FBCS) has revealed that the number of people impacted by the data breach that occurred in February has risen to 4.2 million. This update on the FBCS data breach comes through a new supplemental notice to the Office of the Maine Attorney General, further escalating the previously reported figures.
In its latest notice filed to the Office of the Maine Attorney General, FBCS reported that the data breach now affects 4,253,394 individuals.
Initially disclosed in late April, the firm reported that approximately 1.9 million individuals had their sensitive personal information compromised during the FBCS data breach. This number was increased to 3.2 million in May, and now, the company has again raised the total by an additional 1 million.
Types of Exposed Information in FBCS Data Breach
On July 23, 2024, FBCS began sending out new data breach notifications to the additional affected individuals. The notification highlighted the increased risks and provided guidance on protective measures. The notice explicitly mentions the continuous efforts by FBCS to identify and notify more impacted individuals. Specifically, two more residents in Maine were notified, bringing the total number of potentially impacted residents in Maine to 7,841.
The FBCS data breach has resulted in the exposure of varying types of personal information for different individuals, including:
- Full name
- Social Security Number (SSN)
- Date of birth
- Account information
- Driver’s license number or ID card
- Medical information
These sensitive details have been potentially accessed, increasing the risk of phishing and fraud for those affected.
Details of Data Breach at FBCS
FBCS first discovered unauthorized access to its systems on February 26, 2024. The data breach at FBCS was confined to their internal network, and the company took immediate steps to secure the impacted environment. Third-party computer forensic specialists were engaged to conduct a thorough investigation, which revealed that the unauthorized access occurred between February 14 and February 26, 2024. During this period, the unauthorized actor could view or acquire sensitive information on the FBCS network.
It remains unclear what type of attack led to the data breach, as no ransomware gangs have claimed responsibility. FBCS has stated only that they detected unauthorized access to their internal network.
Company Response and Preventive Measures
Upon discovering the breach, FBCS promptly secured the environment and initiated a comprehensive investigation. They undertook a thorough review of the data at risk to determine the scope of the breach and identify the individuals potentially affected. In line with their commitment to information security, FBCS has implemented additional safeguards in a newly built environment.
As part of their response, FBCS is offering affected individuals access to complimentary credit monitoring and identity restoration services for 24 months through CyEx. The company is providing detailed instructions on how to enroll in these services, urging recipients to take immediate action to protect their personal information.
Steps for Affected Individuals
- Enroll in Credit Monitoring Services: Recipients of the FBCS data breach notification are encouraged to enroll in the free credit monitoring and identity restoration services offered by FBCS. This service, provided through CyEx, is designed to help protect against identity theft and fraud.
- Monitor Financial Accounts: FBCS advises affected individuals to remain vigilant against incidents of identity theft and fraud. This includes regularly monitoring account statements to detect any errors and reviewing credit reports for suspicious activity.
- Report Suspicious Activity: Any fraudulent activity or suspected identity theft should be promptly reported to the relevant financial institution and law enforcement authorities. FBCS has included instructions on how to file a complaint with the Federal Trade Commission (FTC) and encourages individuals to take these steps.
- Consider Placing Fraud Alerts or Security Freezes: Affected individuals may also consider placing a fraud alert or security freeze on their credit reports. Fraud alerts inform creditors of potential fraudulent activity and request that they contact the individual before establishing new accounts. Security freezes can prevent new credit from being opened without the use of a PIN, although it may delay the ability to obtain credit.
- Conclusion
The data breach at FBCS highlights the ongoing challenges organizations face in protecting sensitive personal information. As the situation evolves, those impacted are encouraged to take the necessary steps to safeguard their personal information and stay alert to potential threats.