Science and TechData Privacy and Cybersecurity

Actions

Data breach at a collections agency impacted nearly 240,000 Comcast users

The third-party agency initially thought Comcast subscribers weren't impacted by the data breach that happened earlier this year.
A Comcast service truck
Posted
and last updated

Nearly 240,000 Comcast customers had their personal information exposed in a data breach earlier this year, including social security numbers and addresses.

The breach happened at a third-party collection agency Comcast had worked with up until 2020, Financial Business and Consumer Solutions (FBCS).

According to information from the Office of the Maine Attorney General, the data breach happened on Feb. 26 and FBCS initially believed Comcast subscribers were not impacted. However, the company learned on July 17 that was not the case.

RELATED STORY | 23andMe agrees to $30 million settlement after data breach affected nearly 7 million users

FBCS said “an unauthorized party” gained access to its computer network and some of its computers and downloaded data from its systems. The hacker also encrypted some systems as part of a ransomware attack, FBCS said.

The agency said it launched an investigation with the assistance of third-party cybersecurity specialists and discovered that the files downloaded by the unauthorized party contained personal information.

FBCS notified Comcast about the breach on March 13 and alerted the FBI. The security solely affected FBCS systems and not Comcast or Xfinity.

Comcast notified its impacted customers — all 237,703 of them — in a notice letter on Aug. 16. Those impacted were offered 12 months of complimentary identity theft protection services.

RELATED STORY | Xfinity data breach affected millions of customers, company says

Information that was downloaded by the “unauthorized party” included names, addresses, social security numbers, dates of birth and Comcast account numbers, the company said.

Last December, Comcast announced a major data breach at internet provider Xfinity that may have compromised personal information from nearly 36 million accounts. A vulnerability by one of its software providers, Citrix, exposed usernames and passwords as well as contact information for some customers.