On July 23, 2024, Financial Business and Consumer Solutions, Inc. (FBCS), a financial business and consumer solutions company specializing in debt collection, filed its latest incident report update to the Office of the Maine Attorney General on the data breach that took place in February 2024. The breach which has impacted 3.2 million people in May 2024 has now increased to 4.2 million people in the U.S. as of July 2024. Amy Stratz, Executive Vice President of FBCS, in their notice of data event notification sent out to the impacted individuals, said, “On February 26, 2024, FBCS discovered unauthorized access to certain systems in its network. This incident did not impact computer systems outside of FBCS’s network.” Stratz further disclosed their actions on the incident, saying, “We immediately took steps to secure the impacted environment and launched an investigation with the assistance of third-party computer forensics specialists to determine the full nature and scope of the incident.” The investigation revealed that unauthorized individuals gained access to the environment between February 14 to February 26, 2024, allowing them to view or obtain specific information on the FBCS network. A comprehensive review of the information at risk and acquired was sensitive personal data such as full name, Social Security Number (SSN), date of birth, account information, driver’s license number or ID card, and medical information.

From a personal perspective, the recent update of the significant increase in the number of people affected by the FBCS data breach is indeed alarming. This incident serves as a reminder of the importance of strong cyber security procedures, especially for companies like FBCS Inc. that handle sensitive Personally Identifiable Information (PII). The fact that an unnamed threat actor was able to access information in FBCS’s IT systems for two weeks is deeply concerning. Additionally, the unknown identity of the threat actor and the fact that the stolen database is not on the dark web is a concern. It is not clear if the threat actor plans to use the stolen data for harmful activities like phishing or ransomware attacks, or if they are keeping the data for future use.

In conclusion, this incident highlights the critical need for strict cyber security protocols and practices, regular security audits, and continuous monitoring to detect and respond to threats promptly. It’s a wake-up call for all organizations to prioritize data security and privacy, given the potentially devastating consequences of data breaches.

#CyTech #CyberNews #CyberSecurity #CISO #CISOWorkplace #DataBreach #FBCS