Comcast’s Xfinity has started notifying customers of a data breach that may have revealed information of nearly 36 million people, .
Xfinity, Comcast’s brand for broadband, video and phone services, said in a notice that a routine cybersecurity exercise on Oct. 25 revealed suspicious activity.
Unauthorized access to its systems between Oct. 16 and Oct. 19 was the result of a vulnerability with one of its software providers, Citrix, who had on Oct. 10 announced the vulnerability to its customers. Citrix followed with a further mitigation guidance on Oct. 23 and Xfinity said it patched the system.
On Nov. 16, Xfinity found that information was likely acquired, and eventually concluded on Dec. 6 that the information acquired could have included usernames and hashed passwords, names, contact information, last four digits of social security numbers, dates of birth, and/or secret questions and answers.
“However, the data analysis is continuing,” said Xfinity in a notice to customers, adding that it has contacted federal law enforcement.
According to a data breach notification filed in Maine, submitted by law firm Holland & Knight, the total number of people affected is about 35.9 million.
In a statement today, the company said it was unaware of an instances of customer information being leaked anywhere, or of any attacks on customers. Xfinity is requiring customers reset passwords to protect affected accounts, and recommends using multi-factor authentication to secure accounts.
Topics Cyber
Was this article valuable?
Here are more articles you may enjoy.
Employee Who Was Trapped in Elevator Denied Workers’ Compensation Benefits 
Allstate Reports May Pretax Catastrophe Losses of $1.4B 
Ford Recalls 668,000 2014 F-150 Pickup Trucks Over Transmission Issue 
Iowa Nurse Charged With Insurance Fraud 
