2 million hit in massive debt collector data breach — full names, birth dates and SSNs exposed

An open lock depicting a data breach
(Image credit: Shutterstock)

Having a loan or bill go to collections is bad enough as it is, but now one of the largest debt collection agencies in the U.S. has revealed that it has fallen victim to a data breach in which borrower information was exposed online.

As reported by BleepingComputer, Financial Business and Consumer Solutions (FBCS) has begun notifying impacted individuals after the sensitive personal information of approximately 1,955,385 people was recently accessed by hackers.

As a nationally licensed debt collection agency, FBCS collects unpaid debts from credit card companies, healthcare organizations, car dealerships, student loans and utilities. However, unlike with the other companies you do business with, if one of your loans or bills has ended up in FBCS’ hands, you’re stuck with them.

Here’s everything you need to know about this recent data breach along with some tips and tricks on how to stay safe after your personal or financial information ends up in the hands of hackers.

Unauthorized network access

A hacker typing quickly on a keyboard

(Image credit: Shutterstock)

In a data breach notice (PDF) submitted to the Attorney General’s office in Maine, FBCS explained that hackers first breached its network on February 14. The unauthorized actor remained there until February 26 and during that time, they were able to “view or acquire certain information on the FBCS network.”

During that 12-day window, they could have accessed the full names, Social Security numbers (SSNs), dates of birth, account information and driver’s license numbers or ID card numbers of almost 2 million Americans.

With this information in hand, the hackers behind this breach can easily launch targeted phishing attacks, commit fraud or use social engineering for identity theft. While FBCS hasn’t provided impacted individuals with free access to one of the best identity theft protection services, it has enrolled them for 12 months of credit monitoring through the company Cyex.

At the same time, the company also says that it has implemented additional security measures in a new environment to prevent incidents like this one from occurring going forward.

How to stay safe after a data breach

Best antivirus software

(Image credit: Shutterstock)

If you received a data breach notification like the one linked above, the first thing you should do is to take advantage of FBCS’ offer for 12 months of credit monitoring. This way, if your SSN or other personal information is used to commit fraud or even identity theft, you’ll be alerted right away.

While access to an actual identity theft protection service would have been better, credit monitoring services can still be useful as a warning sign. Likewise, you also want to keep a close eye on all of your financial transactions and bank statements to make sure that no one else is using your accounts.

Since so much personal information was exposed online as a result of this data breach, you also want to be extra careful when checking your email. The hackers behind this breach could use your information to craft more convincing scam and phishing emails. In this case, you want to avoid clicking on any links in these types of emails and you definitely don’t want to download any attachments as they could contain dangerous malware

It’s also worth noting that these emails will often try to instill a sense of urgency to get you to click or respond. However, if you keep a level head and don’t let your emotions get the best of you, you should be okay.

As we could be dealing with malware in addition to phishing and social engineering, you should be using the best antivirus software with your PC, the best Mac antivirus software with your Apple computer and one of the best Android antivirus apps on your Android phone. 

We could possibly learn more about this incident from FBCS at a later date but for now, impacted individuals need to be extremely careful as hackers will likely try to use all of this stolen data in their attacks.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.