In February 2024, a significant data breach occurred at Financial Business and Consumer Solutions (FBCS), a debt collection agency serving companies, including banks. The breach has had far-reaching consequences, affecting some 4.2 million individuals, including an undisclosed number of Truist Bank's customers.
The FBCS breach exposed sensitive customer information such as full names, Social Security Numbers (SSNs), dates of birth, ID/driver's license details, medical claims/clinical information, and other personal information.
Banks often engage third parties to streamline operations, reduce costs, and enhance customer services. However, these relationships come with significant risks. Third parties may not always adhere to the same stringent security protocols as the banks they serve. This discrepancy can create vulnerabilities that cybercriminals can exploit. Regulators have made clear that banks remain responsible for meeting regulatory requirements whether their activities are performed internally by the banks themselves or externally by their third parties.
🔍 Why is This Important to Banks and their Executive Teams? 🔍
To mitigate the risks associated with third-party relationships, banks must implement comprehensive third-party risk management programs that include appropriate:
The FBCS data breach serves as another critical lesson for banks. It highlights the importance of selecting reputable third parties and maintaining vigilant oversight and robust risk management practices. By doing so, banks can better protect their customers' sensitive information, meet regulatory requirements, and uphold customer trust.