
Comcast will pay a $1.5 million fine to settle a Federal Communications Commission investigation into a February 2024 vendor data breach that exposed the personal information of nearly 275,000 customers.
The breach occurred in February 2024, when attackers hacked into the systems of Financial Business and Consumer Solutions (FBCS), a debt collector Comcast had stopped using two years earlier.
The FBCS data breach was initially believed to have affected 1.9 million people in total, but the tally was raised to 3.2 million in June and, finally, to 4.2 million in July.
FBCS, which filed for bankruptcy before revealing a data breach in August 2024, notified Comcast on July 15 (five months after the attack) that customer data had been compromised, affecting 273,703 Comcast customers. Previously, it had assured Comcast in March that the breach did not affect any of its customers.
The threat actors stole personal and financial information between February 14 and February 26, including the names, addresses, Social Security numbers, dates of birth, and Comcast account numbers of affected current and former customers. Affected customers had used Comcast’s Xfinity-branded internet, television, streaming, VoIP, and home security services.
Under the consent decree announced by the FCC on Monday, Comcast has also agreed to implement a compliance plan that includes enhanced vendor oversight to protect data and ensure customer privacy, including making sure its vendors properly dispose of customer information they no longer need for business purposes, as required by the Cable Communications Policy Act of 1984.
The telecommunications giant must also appoint a compliance officer, conduct risk assessments of vendors handling customer data every two years, file compliance reports with the FCC every six months over the next three years, and report any material violations within 30 days of discovery.
However, Comcast said in a statement to Reuters that it “was not responsible for and has not conceded any wrongdoing in connection with this incident,” noting that its network wasn’t breached and that FBCS was contractually required to comply with security requirements.
A Comcast spokesperson was not immediately available for comment when contacted by BleepingComputer.
Comcast is an American mass media, telecommunications, and entertainment multinational company, and the fourth-largest telecom firm in the world by revenue, after AT&T, Verizon, and China Mobile.
It also has over 182,000 employees, hundreds of millions of customers worldwide, and reported revenues of $123.7 billion in 2024.

