Debt collector breach exposes financial data of 1.1 million Americans — see if you’re affected

An open lock depicting a data breach
(Image credit: Shutterstock)

Unlike with a cyberattack, you can get caught up in the fallout of a data breach even if you did nothing wrong. This is the case for 1.1 million Americans who may have had their financial data exposed following a recent breach at a major debt collector.

As reported by Cybernews, the US-based debt collector NCB Management Services has begun sending out data breach notification letters to users as the result of a breach that occurred back in February.

NCB claims that at the beginning of February, hackers gained access to its systems. Unfortunately though, it took the company three days to realize it had been breached.

Following an internal investigation, NCB submitted a data breach notification to the Maine Attorney General explaining that the hackers responsible accessed financial account numbers or payment card numbers along with security and access codes, passwords or PINs for the accounts of affected users.

This amount of financial information being exposed is quite concerning as users’ credit cards could end up for sale on the dark web. From here, hackers could use them to commit fraud or even identity theft if other sensitive data on affected users is also available online.

Banks are also caught up in the fallout

As NCB is a debt collection agency after all, it’s used by banks to collect any outstanding amounts owed. So far, it looks like both TD Bank and Bank of America have been indirectly affected by this data breach as well.

In a recent report on the matter, the legal advice site JD Supra explained that TD Bank customers could be affected from the NCB data breach as well. This is based on an official filing the Toronto-based bank also made with the Main Attorney General explaining that the hackers responsible gained access to the names, addresses, account numbers, dates of birth and Social Security numbers of its customers.

you want to be on the lookout for a data breach notification letter in your mailbox

Just like NCB did, TD Bank has also sent out data breach notification letters to customers who were impacted as a result of this data breach.

In a sample notice letter (PDF) submitted to the Maine Attorney General which was sent out to impacted users, NCB revealed that Bank of America customers may also be affected. According to the letter, hackers may have accessed their first and last names, addresses, phone numbers, email addresses, date of birth, employment position, pay amount, driver’s license numbers, Social Security numbers, account numbers, credit card numbers, routing numbers and other sensitive info during the breach on NCB.

How to tell if you’re affected and what to do next

A shocked couple realizing they've been scammed

(Image credit: Shutterstock)

If you’ve been contacted by NCB regarding debt collection before or are a Bank of America or TD Bank customer, you want to be on the lookout for a data breach notification letter in your mailbox. You may also receive an alert via your banking app or if you log into your account from your browser.

Although we don’t yet know if TD Bank is offering customers free access to the best identity theft protection services, Bank of America has said that it will provide affected customers with a two-year subscription to Experian IdentityWorks. You can find all of the details on how to activate the subscription in the data breach notification sent out by NCB if you received it.

Going forward, users caught up in this data breach should carefully review their credit reports and account statements for the next 12 to 24 months to look for any signs of suspicious activity.

As for which group of hackers is responsible for the breach, NCB has said that it is working with federal law enforcement agencies to get to the bottom of things. However, the company could end up paying a fine due to the fact that hackers had access to its systems for several days without being detected.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

TOPICS