United States of America: Federal Communications Commission's Enforcement Bureau entered into consent decree requiring Comcast to pay USD 1.5 million over data breach

On 24 November 2025, the Federal Communications Commission's Enforcement Bureau entered into a consent decree requiring Comcast to pay USD 1.5 million, resolving an investigation concerning a data breach. The investigation concerned a data breach at Financial Business and Consumer Solutions (FBCS), a former debt collection vendor for Comcast, which, between 14 and 26 February 2024, exposed personally identifiable information of 237,702 current and former Comcast customers. The breach compromised sensitive information, including names, addresses, social security numbers, dates of birth, and account numbers. Under the consent decree, Comcast also agrees to implement a compliance programme. The compliance programme requires Comcast to develop an updated compliance manual within six months and provide training to employees on subscriber privacy requirements. Comcast would also establish a vendor management programme that addresses data inventory, retention, and deletion requirements, as well as biennial risk assessments and ongoing monitoring of vendor compliance with privacy safeguards.