NCB Management Services

NCB Management Services, operating from its headquarters in the United States, functioned as a service provider managing closed Bank of America credit card accounts. The company's core activity involved the administration and processing of these charged-off accounts, a role that necessitated handling sensitive personal and financial information from consumers. This work placed it within the financial services sector, specifically supporting a major banking institution's portfolio of inactive accounts. The nature of its services required compliance with financial data regulations and security protocols to protect the information in its care. Its operational footprint was defined by its contractual relationship with Bank of America, serving as a third-party manager for a segment of the bank's former customers. The company's business model centered on the secure management and resolution of these closed accounts, a task involving account balances, payment processing, and consumer communications. This specialization in post-charge-off account management represented its primary market position. No explicit details regarding the company's size, such as employee count or annual transaction volume, are provided in the available information. Ownership structure, including whether it was an independent entity or a subsidiary, is not stated.

In February 2023, NCB Management Services experienced a significant cyberattack that resulted in a data breach affecting nearly 500,000 individuals. The incident exposed a wide array of sensitive data, including names, addresses, Social Security numbers, driver's license details, account balances, and credit card information belonging to consumers whose Bank of America credit card accounts had been closed. Unauthorized third-party access to the company's systems was detected shortly after the intrusion occurred. Following an internal investigation, the company confirmed that personal information had been exfiltrated. The breach's severity prompted involvement from federal law enforcement agencies. In response, NCB Management Services offered identity theft protection services to all impacted individuals. The company publicly asserted that the unauthorized party no longer retained the stolen data. The event also attracted scrutiny from a consumer rights law firm, which initiated investigations into the breach's implications for the affected parties. This incident highlighted the cybersecurity risks associated with third-party financial account servicing and the potential for large-scale exposure of consumer data. The breach's focus on data from previously closed accounts underscored the enduring value and vulnerability of historical financial records.