Xfinity notifies customers of data breach

Hackers accessed Xfinity customers' personal information by exploiting a vulnerability in software used by the company, the Comcast-owned telecommunications business announced this week.

Associated Press

Dec 20, 2023, 12:35 PM

Updated 178 days ago

Share:

Hackers accessed Xfinity customers' personal information by exploiting a vulnerability in software used by the company, the Comcast-owned telecommunications business announced this week.
In a Monday notice to customers, Xfinity said there was unauthorized access to internal systems as a result of this vulnerability — which was previously announced by software provider Citrix — between Oct. 16 and 19.
Xfinity discovered the “suspicious activity” on Oct. 25, and in the following months determined that information was “likely acquired.” On Dec. 6, the company concluded that information included usernames and hashed passwords — and, for some customers, the last four digits of Social Security numbers, account security questions, birthdates and contact information.
Analysis of the breach is still continuing but to date, Xfinity is “not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” the company said in a statement sent to The Associated Press Tuesday.
Xfinity is also requiring customers to reset their passwords, while strongly recommending two-factor or multifactor authentication.
A filing with Maine's office of the attorney general disclosed that nearly 35.9 million people were affected by this breach. The company declined to confirm a specific number Tuesday, but noted the filing's figure represents user IDs.
Philadelphia-based Comcast has more than 32 million broadband customers, according a recent earnings release.
In addition to Xfinity, Citrix provides software to thousands of companies around the world. The previously-announced vulnerability, dubbed “Citrix Bleed,” has also been linked to hacks targeting the Industrial and Commercial Bank of China's New York arm and a Boeing subsidiary, among others.
Under new rules that went into effect Monday, the Securities Exchange Commission now requires public companies to disclose all cybersecurity breaches that could affect their bottom lines — within four days of determining a breach is material. As of Tuesday, there were no SEC filings from Comcast about the recent data breach and the company did not immediately address it.


More from News 12
1:23
Early voting begins for New York’s Democratic primary

Early voting begins for New York’s Democratic primary

1:23
Mostly sunny weekend weather and low humidity in the Hudson Valley

Mostly sunny weekend weather and low humidity in the Hudson Valley

0:29
Police: 2 arrested for stabbing man in New Windsor

Police: 2 arrested for stabbing man in New Windsor

0:29
Saugerties man convicted of manslaughter for fatally beating man in 2022

Saugerties man convicted of manslaughter for fatally beating man in 2022

2:04
Village of Sleepy Hollow raises Pride flag for first time despite opposition from some residents

Village of Sleepy Hollow raises Pride flag for first time despite opposition from some residents

1:39
Showing support for Ukraine in the Hudson Valley during Yonkers Ukrainian Heritage Festival

Showing support for Ukraine in the Hudson Valley during Yonkers Ukrainian Heritage Festival

0:47
Westchester Medical Center pioneers robotic procedure to help those with severe hearing loss

Westchester Medical Center pioneers robotic procedure to help those with severe hearing loss

0:29
Carmel police warn people about recent car burglaries

Carmel police warn people about recent car burglaries

0:35
Prosecutors: Former Wallkill firefighter sentenced to prison for 2021 arson incident

Prosecutors: Former Wallkill firefighter sentenced to prison for 2021 arson incident

1:47
EXCLUSIVE: News 12 uncovers police data that shows 19 children struck by vehicles in Ramapo in 6 months

EXCLUSIVE: News 12 uncovers police data that shows 19 children struck by vehicles in Ramapo in 6 months

1:28
Officials: 7 people injured, 13 families displaced in Yonkers fire

Officials: 7 people injured, 13 families displaced in Yonkers fire

0:33
Dutchess County Sheriff's Office: Connecticut man killed in Town of Dover crash

Dutchess County Sheriff's Office: Connecticut man killed in Town of Dover crash

1:03
PARENTS: Dutchess County children lost for 2 hours on nightmare bus ride home

PARENTS: Dutchess County children lost for 2 hours on nightmare bus ride home

1:35
Orange County billiard player wins national championship, first competitor from Hudson Valley to do so in 30 years

Orange County billiard player wins national championship, first competitor from Hudson Valley to do so in 30 years

0:23
Democratic Westchester DA candidate Adeel Mirza drops out of race

Democratic Westchester DA candidate Adeel Mirza drops out of race

0:46
Police: 1 killed, 2 injured in East Fishkill collision involving garbage truck

Police: 1 killed, 2 injured in East Fishkill collision involving garbage truck

2:19
Caramoor Center for Music and the Arts provides summer entertainment in Katonah

Caramoor Center for Music and the Arts provides summer entertainment in Katonah

0:41
Weather On The Road: Matt Hammer visits New York Boulders stadium

Weather On The Road: Matt Hammer visits New York Boulders stadium

2:33
Food Truck Friday: The Patty Wagon from Freddy's Restaurant in Pleasantville

Food Truck Friday: The Patty Wagon from Freddy's Restaurant in Pleasantville

Is your dad awesome? Hudson Valley tell us why your dad rocks!

Is your dad awesome? Hudson Valley tell us why your dad rocks!