Unlike cyber attacks, you can be caught up in the fallout of a data breach even if you have done nothing wrong. A recent breach at a major debt collection company may have exposed the financial data of 1.1 million Americans.

As reported by Cybernews, NCB Management Services, a U.S.-based debt collection agency, began sending data breach notices to its users as a result of the February breach.

NCB claims that hackers gained access to its systems in early February. Unfortunately, it took the company three days to realize the information breach.

After an internal investigation, NCB filed a data breach notification with the Maine Attorney General, explaining that hackers accessed affected users' accounts along with financial account numbers, payment card numbers, security and access codes, and passwords and PINs.

The fact that so much financial information was compromised is highly problematic, as users' credit cards could be for sale on the dark web. From here, hackers could potentially scam or even use them to steal personal information if other sensitive data about the affected users is also available online.

NCBs are, after all, debt collection companies and are therefore used by banks to collect outstanding amounts. So far, it appears that TD Bank and Bank of America are also indirectly affected by this data breach.

In a recent report on the matter, legal advice website JD Supra explained that TD Bank customers may also be affected by the NCB data breach. This is based on official documents filed by the Toronto-based bank with the Maine Attorney General, who explained that hackers gained access to customers' names, addresses, account numbers, dates of birth, and Social Security numbers.

As NCB did, TD Bank also sent a data breach notification letter to customers affected by this data breach.

In a sample notification letter (PDF) filed with the Maine Attorney General and sent to affected users, NCB clarified that Bank of America customers may also be affected. According to the notice, hackers may have accessed first and last names, addresses, telephone numbers, e-mail addresses, dates of birth, employment status, salary amounts, driver's license numbers, social security numbers, account numbers, credit card numbers, routing numbers, and other sensitive information when they broke into NCB.

Anyone who has previously been contacted by NCB regarding debt collection, or who is a Bank of America or TD Bank customer, should look forward to receiving a data breach notification letter in their mailbox. You may also receive an alert when you log into your account through your bank app or browser.

While it remains to be seen if TD Bank is offering its customers the best identity theft protection services for free, Bank of America has announced that it is offering affected customers a two-year subscription to Experian IdentityWorks. from NCB If you received the data breach notice that was sent to you, it contains all the details on how to activate your subscription.

Going forward, users caught up in this data breach should carefully review their credit reports and account statements for signs of suspicious activity over the next 12 to 24 months.

As for which hacker group is responsible for this information breach, NCB has stated that it is working with federal law enforcement to get to the bottom of it. However, the company may end up paying a fine since the hackers had access to the system undetected for several days.