Comcast Pays $1.5 Million to Settle FCC Data Breach Probe

By published

Cable operator agrees to voluntary payment to settle 2024 incident that affected some 237,000 customers

WASHINGTON—The Federal Communications Commission’s Enforcement Bureau said it has entered into a consent decree with Comcast calling for the cable company to pay a $1.5 million fine for a February 2024 vendor data breach that exposed the personal information of some 237,000 customers.

The decree resolves the Enforcement Bureau’s investigation into whether Comcast Cable Communications, LLC violated sections of the Cable Communications Policy Act of 1984 in connection with a breach by a now-defunct debt-collection agency that compromised the personal information of Comcast cable subscribers.

Under the consent decree, Comcast agreed to pay a $1.5 million “voluntary contribution” and implement a compliance plan that includes, among other things, improved vendor oversight practices related to customer privacy and information protection.

The case involved a now-bankrupt company, Financial Business and Consumer Solutions (FBCS), which provided debt-collection services to Comcast between from 2010 to 2022. Those services gave FBCS access to some customer information.

Comcast notified FBCS in 2020 that it was terminating the parties’ agreement and stopped referring new accounts to FBCS for debt-collection services. FBCS ceased all work for Comcast in 2022, when the cable operator recalled the final accounts.

The consent decree notes that between Feb. 14 and Feb. 26, 2024, hackers illegally accessed the FBCS network without authorization, exposing the private information of 237,702 current and former Comcast customers. That information included first names or first initial and last names, addresses, Social Security numbers, dates of birth, Comcast account numbers, internal Comcast ID numbers, and internal FBCS ID numbers.

FBCS first informed Comcast of the breach on July 15, 2024. FBCS filed for bankruptcy before notifying state authorities that the FBCS breach impacted the cable operator’s current and former customers. Comcast notified customers and state authorities of the problem.

As part of the consent decree, Comcast agreed to hire a compliance officer to implement a compliance plan and procedures to improve security.

More information and the complete Consent Decree is available here.

George Winslow
George Winslow

George Winslow is the senior content producer for TV Tech. He has written about the television, media and technology industries for nearly 30 years for such publications as Broadcasting & Cable, Multichannel News and TV Tech. Over the years, he has edited a number of magazines, including Multichannel News International and World Screen, and moderated panels at such major industry events as NAB and MIP TV. He has published two books and dozens of encyclopedia articles on such subjects as the media, New York City history and economics.