NCB Management is an “accounts receivable management company.” In this case, that means collections.
According to NCB’s March 24 letter, NCB discovered on February 4 that an unauthorized party gained access to their systems on February 1, 2023. They confirmed on March 8 that some information on consumers’ Bank of America past-due credit card accounts was potentially accessed. The credit cards were already closed, but information on the consumers is the concern. According to NCB’s records, the information potentially accessed may have included first and last name, address, phone number, email address, date of birth, employment position, pay amount, driver’s license number, Social Security number, account number, credit card number, routing number, account balance, and/or account status.
“The unauthorized activity on NCB’s systems has been stopped, and NCB has obtained assurances that the third party no longer has any of the information on its systems,” they write.
Assurances from whom? The threat actors, because NCB paid their ransom demand? Or from law enforcement, who may have seized a server? It would help to know who provided those assurances.
Those affected will be offered two years of complimentary services through Experian IdentityWorksSM.
Bank of America’s report to the Maine Attorney General’s Office indicated that 494,969 customers were affected by the breach.
Correction of April 17: The last sentence of the article was edited to reflect that it was Bank of America’s report to the Maine Attorney General’s Office, not NCB’s.