US debt collection company Financial Business and Consumer Solutions (FBCS) has experienced a data breach, exposing the information of more than 3.2 million Americans.
Threat actors accessed FBCS’ systems on Valentine’s Day, but the company didn’t realize the breach had occurred until Feb. 26. In a public notice, FBCS describes the incident as “unauthorized access to certain systems in its network.”
That public notice, however, did not happen until late April. Two other alerts went out in May.
“This notification was not delayed as a result of a law enforcement investigation,” the company says, adding that it was conducting its own probe into the breach and had notified federal law enforcement.
A wide range of personal information was exposed in the FBCS data breach. Names, addresses, dates of birth, Social Security numbers, driver’s license numbers, state ID numbers, medical claims data, and medical records are now vulnerable, according to the disclosure. But FBCS emphasizes that not every impacted individual will have all these data points leaked.
FBCS typically handles debt collection for business clients in the healthcare, student loan, auto loan, and credit industries. The US Federal Trade Commission encourages any individual whose information has been leaked in this data breach to notify them.
FBCS also suggests that impacted individuals look at their credit reports to determine if their identities may have been swiped to secure fraudulent lines of credit or otherwise compromise their identities. The debt collector is also offering free credit monitoring for those who may have been impacted through data breach response firm Cyex.