The Federal Communications Commission (FCC) has reached an agreement with Comcast that involves a voluntary $1.5 million payment to settle a probe over a data breach involving a former vendor.
The agreement resolves an investigation launched by the FCC last year after a now-defunct company called Financial Business and Consumer Solutions (FBCS) said hackers breached a server that contained personal information belonging to nearly 240,000 current and former Comcast service customers.
Between 2010 and 2022, FBCS offered debt resolution services on behalf of Comcast, agreeing to pursue customers with past due accounts and those in default of their billing agreements. Comcast stopped using FBCS in 2022 and recalled all accounts that had not been settled, paid or charged off.
Despite this, FBCS apparently didn’t purge customer information on their end: In February 2024, unknown hackers accessed a server containing names, addresses, Social Security numbers and other personal data of Comcast customers.
FBCS notified Comcast about the breach a few months later, and the company in turn notified the FCC as part of its requirement under the Cable Communications Policy Act of 1984.
The settlement does not include any admission of wrongdoing. But Comcast has agreed to an extensive compliance plan that is intended to prevent a similar incident. The prevention plan requires Comcast to exert greater oversight over third-party vendors who may have access to customer information as part of their ongoing business relationships.
About the Author: