Bleeping Computer reports that nationally licensed debt collection agency Financial Business and Consumer Solutions (FBCS) has updated its breach disclosure to indicate that more than 3 million people were affected by a breach in February. FBCS, which collects debts involving consumer credit, auto loans and leases, student loans, commercial, and healthcare, initially reported in April that 1.9 million people were affected. In May, however, they amended their report to more than 2.6 million and then amended it again to 3.2 million.
The incident involved unauthorized access to FBCS’s system between February 14 and February 26, with data exfiltrated. As Bleeping Computer reports, the information involved included:
- Full name
- Social Security Number (SSN)
- Date of birth
- Account information
- Driver’s license number or ID card
As of this publication, no threat actor or group appears to have claimed responsibility for this attack, leaked any data, or posted data for sale from this incident, but given the amount and types of information, it would not be unlikely to see data from the incident either misused or put up for sale on a forum or marketplace.