Comcast Corporation faced a severe data breach in 2024 due to a cyberattack on its former vendor, **Financial Business and Consumer Solutions (FBCS)**, a debt collection agency. Unauthorized actors gained access to FBCS’s network, exfiltrating and encrypting sensitive personal data of **237,000 current and former Comcast customers**, including **names, addresses, Social Security numbers, dates of birth, and Comcast account identifiers**. The breach exposed victims to high risks of **identity theft and financial fraud**, compounded by FBCS’s bankruptcy filing shortly before disclosure.

The **FCC imposed a $1.5 million fine** on Comcast, which, while not admitting liability, agreed to enhance **vendor oversight, privacy protections, and cybersecurity measures**. Affected customers received **12 months of free credit monitoring and identity theft protection**, alongside advisories to enable **two-factor authentication** and monitor financial accounts. The incident underscores critical vulnerabilities in third-party vendor security and the cascading risks of inadequate data protection protocols.
Source: https://the420.in/comcast-15-million-fine-vendor-data-breach-consumer-data-exposure/
Comcast cybersecurity rating report: https://www.rankiteo.com/company/comcast
{
  "id": "COM45102545112625",
  "linkid": "comcast",
  "type": "Breach",
  "date": "6/2024",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': '237,000',
'industry': 'telecommunications',
'location': 'United States',
'name': 'Comcast Corporation',
'size': 'large',
'type': 'corporation'},
{'industry': 'financial services',
'name': 'Financial Business and Consumer Solutions '
'(FBCS)',
'type': 'vendor (debt collection agency)'}],
'attack_vector': 'unauthorized access to vendor (FBCS) network',
'customer_advisories': ['Monitor financial accounts for fraudulent activity',
'Enable two-factor authentication on Comcast accounts',
'Utilize provided 12-month credit monitoring service'],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'number_of_records_exposed': '237,000',
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (SSNs, dates of birth, account '
'details)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'account identifiers']},
'date_detected': '2024-02',
'description': 'In a significant regulatory enforcement, Comcast Corporation '
'agreed to pay a $1.5 million fine after a data breach at its '
'former vendor, Financial Business and Consumer Solutions '
'(FBCS), exposed sensitive personal information of '
'approximately 237,000 current and former customers. The '
'breach occurred in February 2024 and involved unauthorized '
'access, exfiltration, and encryption of customer data, '
'including names, addresses, Social Security numbers, dates of '
'birth, and Comcast account identifiers. The FCC investigation '
'led to a settlement requiring Comcast to implement enhanced '
'vendor oversight, stricter privacy protections, and improved '
'security practices. Comcast notified affected individuals and '
'offered free identity theft protection services, including 12 '
'months of credit monitoring.',
'impact': {'brand_reputation_impact': 'moderate (regulatory enforcement, '
'public disclosure)',
'data_compromised': ['names',
'addresses',
'Social Security numbers',
'dates of birth',
'Comcast account identifiers'],
'financial_loss': '$1.5 million (FCC fine)',
'identity_theft_risk': 'high (exposed PII)',
'legal_liabilities': '$1.5 million FCC fine',
'systems_affected': ['FBCS computer network']},
'initial_access_broker': {'entry_point': 'FBCS computer network',
'high_value_targets': ['customer PII',
'Comcast account '
'identifiers']},
'investigation_status': 'resolved (FCC settlement reached)',
'lessons_learned': ['Importance of vetting third-party vendors for '
'cybersecurity risks',
'Need for robust data security protocols in vendor '
'contracts',
'Proactive customer support (e.g., credit monitoring) '
'mitigates reputational damage'],
'post_incident_analysis': {'corrective_actions': ['Implementation of '
'compliance program with '
'enhanced vendor oversight',
'Stricter customer privacy '
'protections',
'Improved information '
'security practices across '
'operations'],
'root_causes': ['Inadequate vendor cybersecurity '
'oversight by Comcast',
'FBCS network vulnerabilities '
'leading to unauthorized access',
'Lack of proactive monitoring for '
'exfiltration attempts']},
'ransomware': {'data_encryption': True, 'data_exfiltration': True},
'recommendations': ['Implement stricter vendor cybersecurity audits',
'Enhance encryption and access controls for sensitive '
'customer data',
'Expand customer education on two-factor authentication '
'and fraud monitoring'],
'references': [{'source': 'Federal Communications Commission (FCC)'}],
'regulatory_compliance': {'fines_imposed': '$1.5 million',
'legal_actions': ['FCC settlement agreement'],
'regulations_violated': ['FCC regulations (customer '
'privacy)'],
'regulatory_notifications': ['FCC investigation and '
'disclosure']},
'response': {'communication_strategy': ['public disclosure via FCC',
'customer notifications',
'advisories for two-factor '
'authentication'],
'incident_response_plan_activated': True,
'recovery_measures': ['customer notifications',
'free identity theft protection (12-month '
'credit monitoring)'],
'remediation_measures': ['enhanced vendor oversight',
'stricter customer privacy protections',
'improved information security '
'practices']},
'stakeholder_advisories': ['FCC public disclosure',
'customer notifications with identity theft '
'protection offers'],
'title': 'Comcast Data Breach via Former Vendor FBCS Exposes 237,000 Customer '
'Records',
'type': ['data breach', 'unauthorized access', 'ransomware-like encryption']}