Financial Business and Consumer Solutions Discloses Major Breach Effecting Over 3 Million Americans.
Financial Business and Consumer Solutions (FBCS), a Pennsylvania-based debt collection agency, disclosed a major data breach in February that impacted over 3.2 million Americans.
FBCS first disclosed the breach on April 26th, revealing that under 2 million people had been impacted. However, in additional disclosures to state authorities in May and last week, FBCS said the breach actually affected 3,226,631 individuals.
The stolen data varied for each victim but included sensitive personally identifiable information like names, dates of birth, Social Security numbers, addresses, driver’s license numbers, medical claims information, health insurance details and more – the type of data sought by cybercriminals to facilitate identity theft.
While FBCS discovered the unauthorized access on February 26th, the breach had begun as early as February 14th. However, the company did not begin notifying victims until April 26th, over two months later. State data breach laws typically require notification within 30 days, though delays are allowed for law enforcement investigations – which FBCS stated was not a factor in their delayed response.
At least 14 lawsuits have since been filed against FBCS by victims, with allegations that the company failed to adequately protect customer data despite claims of data security being a “top priority.” FBCS has not responded to these allegations as of yet.
Impact on Debt-Ridden Consumers
As a debt collection agency, FBCS handles highly sensitive financial and personal information on millions of Americans struggling with debt. This makes such organizations an appealing target for cybercriminals looking to profit from stolen identities.
Security experts note that while FBCS is offering free credit monitoring, impacted individuals cannot as easily change dates of birth or Social Security numbers stolen in a breach. The pilfered “lifelong” personal details place victims at continued risk of identity theft and financial fraud long-term.
Debt collectors have faced other major breaches in recent years. In 2022, another agency – Receivables Performance Management (RPM) – disclosed a breach that had gone undetected for 18 months, affecting 3.7 million people. A class action lawsuit against RPM regarding this incident is ongoing.
Concerns over Collection of Sensitive Data
Given the vast amounts of vulnerable consumer data in their possession, debt collectors present a prime target for digital thieves. Experts argue they must exercise great care in collecting and safeguarding such sensitive financial and health information.
While credit monitoring may help mitigate near-term risks for those impacted, the leaked details from the FBCS breach have lifetime implications for over 3 million Americans already struggling with debt that could be exploited by ill-intentioned actors at any time.
As legal action against FBCS moves forward and regulators potentially investigate its delayed response, the full fallout from this massive data breach continues to unfold – though its victims may face financial repercussions for years to come. The FBCS debt collector data breach incident serves as an important reminder of the need for responsible data practices across all industries handling consumers’ personal records.