Comcast, the fourth-largest broadcasting and cable television company was hit by a data breach impacting at least 200,000 of its customers.
More specifically, the data breach happened at the Financial Business and Consumer Solutions (FBCS), a third-party service provider that was previously used by Comcast.
FBCS was hit by the data breach in February which allegedly exposed highly sensitive information of over 4.2 million people.
The data breach initially affected 1.9 million people, but the number later rose to 3.2 million and then 4.2 million.
The data incident divulged the names, addresses, social security numbers, and birthdates of thousands of its customers.
In a notice released to the public, the cable giant notified its former and present customers impacted by the data security incident.
Unauthorized personal data downloaded
The cable giant was first informed about the data breach in March but it was established that the consumer data was not impacted.
However, on July 17, 2024, FBCS informed Comcast that the data breach, which occurred between February 14 and 26, had impacted consumer data.
During this period, an unauthorized party accessed FBCS's computer network and systems as part of a ransomware attack.
Investigations revealed that Comcast’s customers' personal information was downloaded by the unauthorized actors.
The Federal Bureau of Investigation (FBI) was informed about the cyber attack. FBCS also sought help from third-party cybersecurity specialists to assess the full extent of the breach’s impact.
Now, Comcast is taking steps to support affected customers by offering complimentary identity theft protection services for about 12 months through membership in CyEx Identity Defense Complete. This also includes credit monitoring services.
The company is also urging its customers to remain alert for similar incidents of fraud or identifty theft and carry out steps to protect their accounts.
The identity of the unauthorized party that breached the data still remains unknown to the public.
Comcast was not the only company whose data was compromised but Truist Bank too was impacted as a result of a data breach at FBCS.
Truist Bank victim of FBCS data breach
Truist Bank, one of the largest banks in the United States (U.S.) and headquartered in North Carolina, was also a victim of the FBCS data breach.
The bank in a statement submitted to the Californian authorities stated:
"FBCS has indicated that the type of information that may have been impacted varies per person and may include consumer name, address, account number, date of birth, and Social Security number.”
Truist, with its extensive network of 2,700 branches across 15 states and 40,000 employees, could have a substantial number of customers affected by the data breach.
The bank was subjected to another data breach in October 2023. The data belonging to Truist Bank was stolen which included email addresses, phone numbers, birth dates, bank information, full names, company names, physical addresses, credit card information, and more.
The cyber attack was perpetrated by a malicious actor known as Sp1d3r, who also released some of Truist's data on an online hacking forum. Sp1d3r claimed to be selling the data of 65,000 employees for $1 million.
A spokesperson for Truist told Bleeping Computer that the cybersecurity incident was quickly contained.
“In partnership with outside security consultants, we conducted a thorough investigation, took additional measures to secure our systems, and notified a small number of clients last Fall,” added the bank representative.
According to Malwarebytes due to FBCS’s worsening financial position, which could be a direct result of the breach, entities indirectly impacted by the incident will have to undertake the notification and remediation processes themselves.
The number of data breaches in the U.S. witnessed a staggering rise from 447 in 2012 to more than 3,200 in 2023.
According to Statista, the fourth quarter of 2023 saw more than eight million records exposed worldwide.
FBI is currently investigating the FBCS cyber attacks. The protocol for cyber crime victims usually involves filing a report with the Internet Crime Complaint Center (IC3) when a breach is detected.
The agency advises against sending payments to unknown people or organizations that are seeking monetary support but instead pushes for immediate action.
