Cyber Incident Victim: NCB Management Services
Date:
Feb 2023
Location:
United States of America
Summary
A cyberattack on NCB Management Services exposed sensitive personal and financial information of nearly 500,000 individuals, including names, addresses, Social Security numbers, driver's license details, account balances, and credit card data. The compromised information pertained to closed Bank of America credit card accounts previously managed by the company. Unauthorized access to systems was detected shortly after the intrusion, with confirmation of data exposure following an investigation. Federal law enforcement agencies are involved in the case, and impacted individuals are being offered identity theft protection services. The company asserted that the unauthorized third party no longer retains the stolen data, while a consumer rights law firm initiated investigations into the breach's implications for affected parties.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 1, 2023, unauthorized actors gained access to systems operated by NCB Management Services, a Pennsylvania-based debt purchasing company. The breach was discovered three days later on February 4, with forensic investigation confirming by March 8 that attackers had obtained sensitive client information. The compromised data affected 494,969 individuals whose closed Bank of America credit card accounts had been serviced by NCB. Exposed information included full names, physical and email addresses, phone numbers, dates of birth, employment positions, compensation details, driver's license numbers, Social Security numbers, financial account numbers, credit card numbers, bank routing numbers, account balances, and account statuses. All impacted credit card accounts were confirmed to be closed prior to the breach. NCB notified affected individuals through breach letters distributed in late March 2023, approximately seven weeks after initial system access.
NCB publicly stated it had obtained assurances that the unauthorized third party no longer retained the stolen data, a formulation commonly associated with ransom payments, though no explicit confirmation of payment was provided. Federal law enforcement agencies became involved in investigating the attack. Bank of America, whose customers' historical account data was compromised, declined public comment but arranged two years of complimentary identity theft protection through Experian IdentityWorks for affected individuals. NCB clarified it no longer serviced the compromised accounts and directed inquiries to Bank of America. Concurrently, a consumer rights law firm initiated investigations into potential claims by individuals whose delinquent Bank of America accounts had been sold to NCB. The incident reflects broader targeting patterns within the debt collection sector, exemplified by a 2022 ransomware attack that exposed medical financial data from 657 healthcare providers through a compromised medical debt collector.