Comcast Fined $1.5M by FCC Following 2024 Data Breach at Debt Collector FBCS that Exposed Customer Information
Published
Key Takeaways
- FCC fine: The FCC has fined Comcast $1.5 million following a data breach at a third-party vendor that exposed customer data.
- Vendor breach: The incident originated at FBCS, a former debt collection agency for Comcast, which suffered a data breach in 2024.
- Customer impact: Personal data of 237,000 current and former Comcast customers, including internet, TV, and home security users, was exposed in the breach.
The Federal Communications Commission (FCC) has imposed a $1.5 million fine on Comcast after a significant cybersecurity breach at Financial Business and Consumer Solutions (FBCS), a debt collection firm that Comcast had ceased using in 2022, exposing personal data from 237,703 Comcast customers.
The ransomware attack at FBCS was disclosed in August 2024 after the vendor filed for bankruptcy, and it also impacted Truist Bank, one of the largest banks in the U.S.
Details of the FCC Settlement and Comcast's Response
As part of the FCC settlement on the data breach, Comcast has agreed to implement a new compliance plan. This plan mandates enhanced vendor oversight practices specifically focused on strengthening customer data protection and information security protocols for all third-party partners.
In a public statement cited by Reuters, Comcast clarified that its systems were not compromised and the company "was not responsible” for this incident.
The company reiterated that its vendors, including FBCS, are contractually required to comply with its security requirements and affirmed its commitment to continually reinforcing its cybersecurity policies.
Implications for Third-Party Vendor Risk Management
This Comcast data breach fine underscores the critical regulatory and financial risks associated with third-party vendor relationships. Organizations are increasingly expected to ensure their partners maintain security standards commensurate with their own.
Recently, ShinyHunters claimed to have stolen Salesforce data via the third-party Gainsight, saying it impacted “almost 1,000” victims, and the 2025 Allianz Life ShinyHunters breach was linked to a social engineering attack on third-party CRM.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular