In a significant regulatory enforcement, Comcast Corporation has agreed to pay a $1.5 million fine after a data breach at one of its former vendors exposed sensitive personal information from approximately 237,000 current and former customers. The Federal Communications Commission (FCC) disclosed that the breach occurred in 2024 and involved the debt collection agency Financial Business and Consumer Solutions (FBCS), which Comcast engaged until 2022.
Unauthorized Access Led to Data Exposure
The breach began in February 2024, when unauthorized access was detected within FBCS’s computer network. This cyberattack led to the exfiltration and encryption of substantial customer data, including names, addresses, Social Security numbers, dates of birth, and Comcast account identifiers. The breach presented significant risks of identity theft and financial fraud for those affected.
FCC Investigation and Settlement
Following investigations, the FCC noted that FBCS had filed for bankruptcy shortly before disclosing the breach. As part of the settlement, Comcast has committed to implementing a compliance program encompassing enhanced vendor oversight, stricter customer privacy protections, and improved information security practices. While Comcast did not admit wrongdoing, it affirmed dedication to strengthening cybersecurity across its operations.
Customer Support and Preventive Measures
In response to the breach, Comcast initiated notification processes to alert impacted individuals and offered free identity theft protection services, including credit monitoring for 12 months. Customers are urged to monitor their financial accounts closely and enable two-factor authentication on their Comcast accounts to mitigate risks. Legal experts highlight the incident as a reminder of the importance of vetting vendors and ensuring robust data security protocols.
