Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Hackers stole extensive personal information, including Social Security numbers, from over 237,000 Comcast customers in a breach of a third-party debt collector, TechCrunch reported.
The breach affects Comcast customers whose information was stored at the debt collector, Financial Business and Consumer Solutions (FBCS), “around 2021,” according to a breach report Comcast filed with the Maine attorney general’s office. The incident illustrates the problem of third-party risk, as Comcast is just one of several organizations affected by the incident other than FBCS itself.
Comcast wrote FBCS had first notified them of a breach in March 2024 and launched an investigation; FBCS later disclosed customer information was stolen in July. In addition to social security numbers, the data lost includes names, addresses, dates of birth, and Comcast/FBCS account numbers.
Since FBCS claimed to lack the financial means to purchase credit monitoring services for victims, Comcast wrote in the filing, it has stepped in to do so.
“This security incident occurred entirely at FBCS and not at Xfinity or on Comcast systems,” the report stated. “FBCS notified Comcast that due to its current financial status, it would no longer [be] able to provide notices or credit monitoring protection to individuals impacted by the incident.”
Comcast has not worked with FBCS since 2020, according to the filing.
FBCS had previously acknowledged in prior filings in Maine that hackers may have accessed data belonging to four million people, TechCrunch wrote, and that hackers may have taken some medical claims information. Other parties known to have been affected by the breach include CF Medical and Truist Bank.
Attacks on third-party providers often cause rippling effects for customers ranging from outages to compromised credentials. A 2023 report by cybersecurity rating firm SecurityScorecard and the Cyentia Institute found 98% of surveyed organizations had worked with a vendor that experienced a breach in the two years prior. Other research by SecurityScorecard has emphasized global external attack surfaces tend to be disproportionately clustered around relative handfuls of products and service providers, which in turn attract a high volume of attacks.
Comcast did not immediately respond to a request for comment from IT Brew.