NCB Management Services, a debt collection company from the United States, suffered what appears to be a ransomware attack in early February 2023 that left the data of over a million people exposed.
Based on breach notification letters sent to affected parties, as well as the filing it submitted with the Maine Attorney General, some 1.1 million people were affected by the breach.
“Recently, confidential client account information maintained by NCB was accessed by an unauthorized party. To date, we are unaware of any misuse of your information as a result of this incident,” NCB said in the letter to its users.
Paying the ransom
It took the company some three days to realize it had been breached. From that point until April 19, NCB was engaged in forensic analysis, trying to understand which types of data were accessed. It later learned that the attackers stole financial account numbers or payment card numbers “in combination with security code, access code, password or PIN for the account.”
The company also hints that it paid the ransom, stating that it “obtained assurances that the unauthorized third party no longer has access to any of NCB’s data.”
Regardless, NCB said it will provide its users with up to two years of free identity theft monitoring services.
“In addition to activating the complimentary services offered, we recommend you review your credit reports and account statements over the next 12 to 24 months and notify your financial institution of any unauthorized transactions or incidents of suspected identity theft,” NCB said.
Cybercriminals usually steal sensitive data in order to sell it on the black market, or to use it for phishing campaigns, identity theft, wire fraud, and other forms of cybercrime. Companies are urged not to pay the ransom demand, as there are no guarantees they’ll remain safe or get their data back. The only thing they can be sure of is that they’ll fund another round of cybercrime.