Customer Data Breaches at Major Telecommunications Providers
British telecommunications company Brsk confirmed unauthorized access to one of its customer database systems, resulting in the exposure of over 230,000 customer records. The stolen data, which was advertised for sale on a cybercrime forum, included full names, email and home addresses, installation details, location data, phone numbers, and indicators of vulnerability status. Brsk stated that no financial information, passwords, or account credentials were compromised, and there is no evidence of misuse so far. The company has notified affected customers, offered them 12 months of free monitoring services, and reported the incident to relevant authorities, including the ICO and police.
Separately, Comcast agreed to pay a $1.5 million fine to settle an FCC investigation into a February 2024 vendor data breach that exposed the personal and financial information of nearly 275,000 customers. The breach occurred at Financial Business and Consumer Solutions (FBCS), a former debt collection vendor, and included names, addresses, Social Security numbers, dates of birth, and account numbers. Comcast has committed to enhanced vendor oversight, regular risk assessments, and improved compliance reporting as part of the settlement. Both incidents highlight the ongoing risks to customer data in the telecommunications sector, whether from direct attacks or third-party vendor breaches.
Sources
Related Stories
Telecom providers face legal and regulatory fallout after major data breaches and service disruption
Comcast moved toward resolving litigation tied to its 2023 **Citrix Bleed**-linked breach, after a federal judge in Pennsylvania granted preliminary approval to a **$117.5M** settlement covering two dozen class actions. The incident was reported as potentially affecting **~30M** current and former customers; proposed relief includes **three years of credit/identity monitoring** plus either reimbursement of documented losses (up to **$10,000**) or a **$50** cash option, while Comcast continues to deny liability despite not opposing preliminary approval. Separately, South Korea’s **SK Telecom** rejected a government-affiliated consumer agency’s proposed compensation framework for a personal data leak, declining a plan that would pay **100,000 won (~$69.40)** per affected petitioner and potentially scale to a much larger total cost; the rejection leaves claimants to pursue individual civil suits. In a different telecom-related development not tied to a breach, the **FCC** opened a dedicated intake channel to collect customer reports as it investigates the **January 14 Verizon outage** that disrupted calling/texting for roughly **10 hours**, including impacts to **911** access; Verizon attributed the disruption to a software issue and offered customer credits.
1 months ago
Class-action settlements tied to data exposure and privacy claims
Comcast agreed to pay **$117.5M** to settle a class action tied to a large-scale breach disclosed in late 2023 that potentially affected **31M+** people. Comcast attributed the intrusion to **CitrixBleed** (Citrix NetScaler ADC/Gateway), a vulnerability that can enable **session hijacking** and credential theft; researchers warned stolen session tokens could remain valid even after patching, extending attacker access. The proposed settlement (preliminarily approved) provides reimbursement for documented losses (up to **$10,000** per person) and compensation for time spent responding, while Comcast denies wrongdoing. Separately, Google agreed to pay **$135M** to settle Android users’ claims that devices transmitted data to Google servers over **cellular networks** in the background without meaningful consent, with individual payouts capped (reported up to **$100**) and additional **injunctive relief** requiring clearer disclosures and express consent during setup. Two dermatology practices also reached settlements over cybersecurity incidents exposing patient data; one New Jersey practice reported unauthorized network access spanning **Dec 2023–Mar 2024** and exposure of **PHI/PII** (including SSNs and treatment/insurance data) affecting **373,630** individuals, offering cash benefits plus credit monitoring/identity protection while denying liability.
1 months agoMultiple Healthcare and Insurance Data Breaches Impacting Millions
Several major organizations in the healthcare and insurance sectors have disclosed significant data breaches affecting millions of individuals. ARC Community Services reported a ransomware attack by the INC Ransom group, resulting in the exfiltration of sensitive patient data, including health and financial information. Aflac confirmed that a June cyberattack led to the theft of files containing insurance claims, health data, and Social Security numbers for over 22 million customers, with no operational disruption but widespread exposure of personal information. The Louisiana Office of Student Financial Assistance (LOSFA) notified students of unauthorized access to its systems, exposing names and Social Security numbers, though certain savings accounts were not affected. Oklahoma Spine Hospital agreed to a $1.1 million settlement following a July breach that compromised the data of nearly 39,000 patients, including medical and financial details. These incidents highlight the ongoing threat posed by cybercriminals targeting sensitive data in the healthcare and insurance industries. Victims in these breaches are being offered credit monitoring and identity protection services, and regulatory notifications have been issued. The attacks have prompted legal action, regulatory scrutiny, and, in some cases, leadership changes within affected organizations. Law enforcement and cybersecurity experts have been engaged to investigate and mitigate the impact of these breaches, which are part of a broader trend of targeted attacks against organizations handling large volumes of personal and health-related information.
2 months ago