The incident came to light in late April, when FBCS informed the Maine Attorney General that it had discovered a breach on February 26. In the two weeks prior to the discovery of the intrusion, hackers accessed some systems and may have stolen information.
Names, dates of birth, Social Security numbers, driver’s license and other identification numbers, and account information may have been compromised.
The company initially determined that 1.9 million people were impacted. On May 10, the company provided an update to the Maine AG, saying that the number had increased to nearly 2.7 million.
In yet another update submitted to the AG’s office this week, FBCS said it identified a total of more than 3.2 million people impacted by the incident.
While there is no evidence that the exposed information has been misused, affected individuals are being notified and offered 12 months of free credit monitoring services.
It’s unclear if FBCS was targeted by a ransomware group. The company does not appear to have been listed on any known group’s leak website.