Financial Business and Consumer Solutions (FBCS) is a privately owned accounts management and collection services corporation. It is a significant debt collection agency, providing resources for consumer and commercial industries to garner retribution for past debts. In line with data sovereignty principles, FBCS ensures that data is stored and processed within the jurisdiction it originates from. In February, FBCS officials discovered unauthorized access within their systems.
According to the consumer impact notice published on the Maine Attorney General’s website, are available limited details about the incident due to ongoing investigations. The notice implies that the threat actor accessed the FBCS systems and accessed specific files within the network during the 12-day attack. How the threat actors made the attack successful is not yet determined.
Progress Software announced the MOVEit breach on May 31st, 2023, prompting investigations from thousands of companies. Fiserv was included in this group, resulting in the eventual discovery of threat actors within their servers. Around November 3rd, Fiserv notified BFCU of the event and, later that month, began sending notifications to those potentially impacted.
This breach impacts individuals who have accounts with FBCS; this means the organization’s debtors, clients, and associates are at risk for data exposure following the incident. As the internal investigations continue, officials may send additional impact letters in waves.
According to the report filed with Maine, the impact figure is nearing two million individuals: 1,955,385. However, as investigations conclude, this number may increase, especially if other organizations begin to report account breaches.