Truist has notified customers of a security breach involving a third-party service provider, asserting the incident did not affect its network, according to a letter the bank sent in early September that was made public last week. 

Financial Business and Consumer Solutions, a third-party debt collector that worked for the Charlotte, North Carolina-based lender, discovered unauthorized access to certain systems in its network between Feb. 14 and Feb. 26, when it launched an investigation to gauge the extent of the data breach.

More than 4.2 million people were affected in the breach, according to a notification submitted to the Maine attorney general’s office by Henry Stoughton, FBCS’s CFO.

The debt collector had warned in April that around 1.9 million people were affected. 

The data included names, addresses, dates of birth, Social Security numbers, driver’s license numbers and other state identification information.

The letter did not specify whether Truist continued business with FBCS after the breach.

The collection agency took steps to secure its systems, hiring an outside computer forensics specialist to investigate the event. After the breach, Truist offered customers credit monitoring services by Experian, Equifax and TransUnion, as well as two years of free protection services.

Cable provider Comcast also filed a data breach notification alleging around 237,703 customers were affected in a potential data breach of FBCS’s systems Feb. 14.

Truist declined to comment to Banking Dive beyond the letter.

Numerous FBCS customers sued the company, alleging various grievances. However, FBCS sought Chapter 7 bankruptcy protection Aug. 29. The bankruptcy filing is under review of a federal court in Pennsylvania.