NCB Management Services, a national accounts receivable management company and debt buyer, has notified 500,000 individuals that their personal information was compromised in a data breach. NCB reported that an unauthorized party compromised some of its systems on February 1 and accessed Bank of America credit card account information.
The data theft was confirmed on March 8, and the exposed personal information includes names, addresses, phone numbers, email addresses, birth dates, driver’s license numbers, Social Security numbers, and employment positions.
Furthermoe, financial information such as pay amounts, credit card numbers, routing numbers, account numbers and balance, and/or account statuses was also stolen.
According to NCB, the impacted credit card accounts had already been closed when the cyberattack occurred, and the incident did not involve the compromise of Bank of America systems.
NCB has obtained assurances that the third party no longer has any of the information on its systems, and the company claims that it is not aware of the potentially accessed information being distributed or used maliciously.
The description of the incident suggests that the company engaged in communication with the attackers, which implies that a ransom demand might have been made.
Additionally, NCB has notified the Maine Attorney General’s Office, and a national consumer rights law firm has announced that it is investigating the incident on behalf of impacted individuals.
NCB advises individuals who receive notification letters to review their credit reports, account statements, and explanation of benefits for any suspicious activity and to consider placing a fraud alert or credit freeze on their credit reports.