An NCB breach notification letter has been sent to affected customers informing them that their data has been hacked. Over 1.1 million people have been exposed by this breach. On February 1st, a US-based company claimed that its systems were breached by attackers, claiming they had penetrated its network. After the company's systems were breached, NCB noticed it within three days of the incident.
Cybernews reported this morning that debt collection agency NCB Management Services has begun notifying customers of data breaches following a breach in February. The breach was first reported by the agency in early 2017.
It has been reported that an unauthorized third party gained access to confidential information NCB maintains on client accounts recently. The company's letter to potential victims began with the statement: "In the wake of this incident, we are unaware that any of the information you have provided has been misused."
A report has emerged claiming that NCB had its systems hacked in February. Despite this, it took the company three days to realize this security breach had occurred.
As a result of cybercriminals stealing personal information from consumers, cybercriminals have launched targeted phishing campaigns via email, phone or text message to defraud those individuals.
Based on the debt collector's investigation, the type of data accessed from April 19th until now has been determined. Upon reviewing information the company provided to the Maine Attorney General, it appears that the attackers gained access to financial account numbers or payment card numbers. This was done by using security codes, access codes, passwords, or PINs associated with the accounts.
There is a trend of stolen financial data being sold on dark web forums. This is so criminals can mask their illicit activities using others' names. This is done by using stolen information from their bank accounts.
In my opinion, the amount of financial information exposed is quite concerning as users' credit card numbers could be sold on the dark web if there is no hacking involved.
In the event hackers are also able to access sensitive data on affected users, it may be possible for them to use their own data to commit crimes such as identity theft or fraud.
In fact, NCB is a debt collection agency that banks hire to get rid of outstanding amounts owed to them. This is due to its nature as an enforcement agency. This looks like TD Bank and Bank of America have also been indirectly affected by this data breach.
According to a recent report by JD Supra, the legal advice site, TD Supra, has detailed the possibility that NCB's data breach might impact TD Bank customers as well. This is in a similar manner to that of TD Bank.
The Toronto-based bank also notified the US Attorney General that the hackers responsible gained access to its customers' names, addresses, account numbers, dates of birth and Social Security numbers. In addition, they gained access to their account balances. This is based on an official filing the bank made with the Main Attorney General.
One of the recent companies to be breached is Dish, another highly regarded satellite broadcaster in the US. The company has also tried to reassure its affected customers by stating that it had "received confirmation that the extracted data has been deleted."
Cyber security experts say organizations should never succumb to criminals' demands, as the results are usually high-frequency attacks by the criminals themselves. The FBI and other law enforcement agencies also believe ransomware payments should not be made.
It has been announced that NCB is offering free services to affected users for two years. This will enable them to monitor identity theft for two years and prevent further attacks.
The National Bank of Boston, in a sample notification letter submitted to the Maine Attorney General, revealed that the bank may also affect Bank of America through the same problem.
Bank of America has said that if TD Bank offers free access to one of the most effective identity theft protection services, Bank of America will also offer the same to its customers. Bank of America has assured affected customers that it will provide a two-year Experian IdentityWorks subscription. If you have received a data breach notification from NCB, you will have all the information you need about how to set up the subscription. This information is in that notification.
In the coming year, users affected by this data breach should carefully review their credit reports and account statements. They should look for any unusual activity associated with the breach.
NCB is working closely with federal law enforcement agencies to figure out who is responsible for the breach and what group of hackers are responsible. Despite that, it is highly likely that the company could pay a fine. This is because hackers accessed its systems for several days before being discovered and getting their hands on them.