The US Federal Communications Commission (FCC) has reached a $1.5 million settlement with Comcast Cable Communications following a data breach at a third-party vendor that exposed sensitive data of over 237,000 Comcast subscribers.
The breach stemmed from a February 2024 security incident at debt collector Financial Business and Consumer Solutions, Inc. (FBCS), a former Comcast contractor.
Comcast is one of the largest cable and broadband service providers in the United States, operating under the Xfinity brand. It serves tens of millions of residential and business customers through its offerings in internet, TV, streaming, mobile, and home security services.
The settlement resolves the agency's investigation into whether Comcast violated federal cable privacy laws, specifically sections 631(c) and (e) of the Cable Communications Policy Act of 1984. These provisions require cable providers to safeguard subscribers' personally identifiable information (PII) and to destroy it when no longer needed.
FBCS, a New Jersey-based debt collection agency, had previously been contracted by Comcast from 2010 to 2022 to handle delinquent accounts. During this period, Comcast shared customer PII with FBCS for debt recovery purposes. Although Comcast terminated its relationship with FBCS in 2020 and fully ended operations with them by 2022, sensitive subscriber data remained on FBCS systems.
In February 2024, FBCS experienced a cyberattack that compromised its network between February
Source: https://cyberinsider.com/fcc-fines-comcast-1-5-million-for-data-breach-exposing-client-pii/
TPRM report: https://www.rankiteo.com/company/comcast-cable-communications-management-llc
"id": "com1764303965.747911",
"linkid": "comcast-cable-communications-management-llc",
"type": "Breach",
"date": "2025-11-27T00:00:00.000Z",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'incident': {'affected_entities': [{'customers_affected': '237,000+ '
'subscribers',
'industry': 'Telecommunications',
'location': 'United States',
'name': 'Comcast Cable Communications '
'(Xfinity)',
'size': 'Large (tens of millions of '
'customers)',
'type': 'cable and broadband service '
'provider'},
{'customers_affected': None,
'industry': 'Financial Services',
'location': 'New Jersey, United States',
'name': 'Financial Business and Consumer '
'Solutions, Inc. (FBCS)',
'size': None,
'type': 'debt collection agency'}],
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Yes (PII exposed in '
'cyberattack on FBCS)',
'file_types_exposed': None,
'number_of_records_exposed': '237,000+',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['personally '
'identifiable '
'information '
'(PII)']},
'date_detected': '2024-02',
'description': 'The US Federal Communications Commission (FCC) '
'reached a $1.5 million settlement with Comcast '
'Cable Communications following a data breach at '
'a third-party vendor, Financial Business and '
'Consumer Solutions, Inc. (FBCS), which exposed '
'sensitive data of over 237,000 Comcast '
'subscribers. The breach occurred in February '
'2024 and involved PII shared with FBCS during '
'its tenure as a Comcast contractor (2010–2022). '
'The FCC investigated potential violations of '
'federal cable privacy laws (Sections 631(c) and '
'(e) of the Cable Communications Policy Act of '
'1984), which mandate safeguarding and destroying '
'PII when no longer needed.',
'impact': {'brand_reputation_impact': 'Potential reputational '
'damage due to exposure of '
"237,000+ subscribers' PII",
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': ['personally identifiable '
'information (PII)'],
'downtime': None,
'financial_loss': '$1.5 million (FCC settlement)',
'identity_theft_risk': 'High (PII exposed)',
'legal_liabilities': ['FCC investigation',
'settlement for violating '
'Sections 631(c) and (e) of the '
'Cable Communications Policy '
'Act of 1984'],
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': ['FBCS (Financial Business and '
'Consumer Solutions, Inc.) '
'network']},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Resolved (settlement reached)',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': ['Failure to ensure '
'third-party vendor '
'(FBCS) destroyed PII '
'after contract '
'termination',
'Inadequate oversight '
'of data retention '
'practices by '
'Comcast']},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'US Federal Communications Commission '
'(FCC)',
'url': None}],
'regulatory_compliance': {'fines_imposed': '$1.5 million (FCC '
'settlement)',
'legal_actions': ['FCC investigation'],
'regulations_violated': ['Sections '
'631(c) and '
'(e) of the '
'Cable '
'Communications '
'Policy Act '
'of 1984'],
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': 'Comcast Data Breach via Third-Party Vendor FBCS',
'type': ['data breach', 'third-party vendor compromise']}}