The debt collection company Financial Business and Consumer Solutions (FBCS) recently informed the Maine Attorney General that a February 2024 breach that was earlier reported as impacting 1,955,385 persons has more than doubled the number of victims. In its fifth breach report that was filed with the Maine Attorney General, FBCS stated that 4,050,711 people are now identified as impacted, which include 7, 786 residents of Maine.
The data breach happened on February 14, 2024, and was identified after a few weeks on February 26, 2024. Third-party cybersecurity experts conducted a forensic investigation and reported that the breach only affected the FBCS systems. The attackers accessed those systems for more or less 2 weeks, and in that period, they may have obtained files that contained sensitive data.
FBCS initially informed the Maine Attorney General concerning the breach on April 26, 2024; nevertheless, the investigation was not finished. With the continuing investigation, the number of victims steadily increased. The notice to the Maine Attorney General does not say if the investigation is done, thus, more supplemental breach notices may be released.
FBCS offers its services to customers in several industries and helps to retrieve consumer credit, student loans, auto loans and leases, utility bills, and unpaid medical invoices. At the beginning of June, FBCS advised the HHS’ Office for Civil Rights that 209,227 people were affected. From that time on, two more notifications were sent to the Maine Attorney General. It is uncertain at this point if any additional protected health information (PHI) was compromised.
Data exposed in the incident include names, driver’s license numbers, non-driver’s license ID card numbers, Social Security numbers, bank account details, medical data, and birth dates. FBCS stated it was not aware of the improper use of any of that data; nevertheless, as a safety measure, free credit monitoring and identity restoration services were offered.
A number of debt collection companies have suffered cyberattacks that have allowed data theft, however, this FCBS data breach is still not yet the biggest. That record belongs to an American Medical Collection Agency, which encountered a cyberattack in 2021 that breached the information of over 24 million persons.