Overdue Comcast clients beware: hackers may have your data


US telecoms giant Comcast has notified hundreds of thousands of its customers whose data may have been stolen after attackers penetrated the company’s former service provider.

Over 237,000 Comcast customers were impacted after cybercrooks breached Financial Business and Consumer Solutions (FBCS), a company Comcast used for delinquent payments until 2020. Delinquent payment is a term Comcast uses to describe payments “not made by the due date.”

According to a breach notification letter the telecoms behemoth sent out to affected individuals, FBCS first told Comcast its customers were not impacted by the February 2024 ransomware attack. However, in mid-July, FBCS informed Comcast that an investigation into the attack revealed that the telecom provider and its customers were impacted.

Comcast said that FBCS received the company’s customer data because it was employed as a third-party service provider. Interestingly, even though Comcast claims to have stopped working with FBCS, the exposed customer data dates back to 2021. According to the telecoms provider, that’s because of the “data retention requirements” FBCS is subject to.

According to the breach notification, overdue Comcast customers had the following details exposed:

  • Names
  • Addresses
  • Social Security numbers (SSNs)
  • Dates of birth
  • Comcast account and ID numbers

Having names and SSNs exposed can lead to an increase in cybercrime, such as phishing and fraud. However, Comcast has promised impacted individuals complimentary identity theft protection services for 12 months, an industry standard. Impacted individuals need to enroll in the services themselves.

FBCS suffered an attack in February 2024, with a staggering 4.2 million individuals having their data exposed. Interestingly, no ransomware cartel has taken credit for the attack, which could point to the company meeting the attackers’ ransom demands.

While the FBCS breach is what’s known as a “third-party breach” in the industry, Comcast has suffered some direct hits, too. For example, in late December 2023, Xfinity, Comcast’s cable television and internet division, had its systems breached via a Citrix bug, with attackers accessing details of nearly 36 million customers.

Massive data leaks are becoming ever more present, with new data leaks and data breaches coming in daily. In August, millions of Americans' personal records appeared on illicit web forums. Attackers posted the details for free, as a show of power.
