In a data breach notification filed late last week, Financial Business and Consumer Solutions (FBCS) disclosed that the company suffered a data breach after discovering unauthorized access to its network impacting 1,955,385 individuals in the US.
According to the US licensed debt collection agency, on February 26, 2024, it discovered that attackers had breached their network on February 14, and the unauthorized actors had the ability to view or acquire certain information during that time.
FBCS specializes in debt collection from consumer credit, healthcare, commercial, auto loans and leases, student loans, and utilities. The data that the intruders could have accessed includes:
- Full names
- SSNs
- DOBs
- Account information
- Driver’s license numbers or ID cards
FBCS says it has implemented additional security measures in a newly built environment to prevent similar incidents from occurring in the future.
BullWall Executive, Carol Volk had this comment:
“The FBCS breach of PII of nearly two million individuals underscores the high value attackers place on this data. PII is often used for credential stuffing attacks and statistics reveal that over 80% of breaches involve compromised credentials, emphasizing the need for strong authentication and security measures.
“This incident is a stark reminder that data breaches are nearly inevitable given the vast amount of personal information available to attackers. FBCS’s response, implementing enhanced security in a new environment, is vital but not sufficient. Organizations must integrate robust data containment systems as well as endpoint detection and response (EDR) solutions to limit damage and allow swift responses to breaches.”
Dave Ratner, CEO, HYAS:
“Some may look at this event and say that identifying and stopping the breach only twelve days later is a good response, but in reality it highlights just how damage can be caused in a relatively short time. It’s critical that organizations of all sizes implement cyber resiliency approaches that are capable of detecting breaches in real time, because detecting them even a small number of weeks later is too late.”
It’s easy to see where this data breach is going to go. Threat actors will use the information gained in this attack to launch secondary attacks which will comprise anything from phishing, to scams, to extortion. This isn’t going to end well for any of the two million people affected by this. And as for FBCS, the fact that they have (allegedly) mitigated this sort of thing from happening in the future is meaningless. Especially for those who have been affected.
Like this:
Like Loading...
Related
This entry was posted on May 1, 2024 at 8:42 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Debt Collector Pwned… 2 Million People Affected
In a data breach notification filed late last week, Financial Business and Consumer Solutions (FBCS) disclosed that the company suffered a data breach after discovering unauthorized access to its network impacting 1,955,385 individuals in the US.
According to the US licensed debt collection agency, on February 26, 2024, it discovered that attackers had breached their network on February 14, and the unauthorized actors had the ability to view or acquire certain information during that time.
FBCS specializes in debt collection from consumer credit, healthcare, commercial, auto loans and leases, student loans, and utilities. The data that the intruders could have accessed includes:
FBCS says it has implemented additional security measures in a newly built environment to prevent similar incidents from occurring in the future.
BullWall Executive, Carol Volk had this comment:
“The FBCS breach of PII of nearly two million individuals underscores the high value attackers place on this data. PII is often used for credential stuffing attacks and statistics reveal that over 80% of breaches involve compromised credentials, emphasizing the need for strong authentication and security measures.
“This incident is a stark reminder that data breaches are nearly inevitable given the vast amount of personal information available to attackers. FBCS’s response, implementing enhanced security in a new environment, is vital but not sufficient. Organizations must integrate robust data containment systems as well as endpoint detection and response (EDR) solutions to limit damage and allow swift responses to breaches.”
Dave Ratner, CEO, HYAS:
“Some may look at this event and say that identifying and stopping the breach only twelve days later is a good response, but in reality it highlights just how damage can be caused in a relatively short time. It’s critical that organizations of all sizes implement cyber resiliency approaches that are capable of detecting breaches in real time, because detecting them even a small number of weeks later is too late.”
It’s easy to see where this data breach is going to go. Threat actors will use the information gained in this attack to launch secondary attacks which will comprise anything from phishing, to scams, to extortion. This isn’t going to end well for any of the two million people affected by this. And as for FBCS, the fact that they have (allegedly) mitigated this sort of thing from happening in the future is meaningless. Especially for those who have been affected.
Share this:
Like this:
Related
This entry was posted on May 1, 2024 at 8:42 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.