A security breach at Comcast-owned Xfinity has exposed the personal data of nearly all of the internet provider's customers, including account usernames, passwords and answers to their security questions.
Comcast said in a presentation With the Maine attorney general's office that the attack affected 35.8 million people, and the media and technology giant notified customers about the attack through its website and by email, the company saying Monday. The intrusion is due to a vulnerability in cloud computing company Citrix's software, according to Comcast.
Although Citrix patched the vulnerability in October, Xfinity learned that unauthorized users gained access to its internal systems sometime between October 16 and 19, revealing customer data. For some people, that included their names, contact information, account usernames and passwords, dates of birth, parts of their Social Security numbers, and answers to their security questions.
In addition to Xfinity, Citrix provides software to thousands of businesses around the world. The previously announced vulnerability, called “Citrix Bleed,” has also been linked to attacks targeting theNew York arm and a subsidiary of Boeing, among others.
Under new federal rules that took effect Monday, the Securities Exchange Commission requires public companies to disclose all cybersecurity breaches that could affect their financial results within four days of determining that a breach is material.
What should I do if I am an Xfinity customer?
According to Comcast, all Xfinity customers, even those whose accounts have not been breached, must reset their usernames and passwords. Xfinity also encourages subscribers to use two-factor authentication to protect their accounts.
“While Xfinity advises customers not to reuse passwords across multiple accounts, the company recommends that customers change passwords for other accounts that use the same username and password or security question,” Comcast said.
Comcast has more than 32 million broadband customers, according to its most recent report. earnings reportsuggesting that the breach likely affected all Xfinity customers.
Customers with questions can contact Xfinity toll-free at (888) 799-2560, 24 hours a day, Monday through Friday, 9 a.m. to 9 p.m. More information is available on the Xfinity website at www.xfinity.com/dataincident.
—The Associated Press contributed to this report.
News USA Today has a skilled online editor and content writer, boasting six years of experience in Media and Broadcasting. News, Finance, Sports, Travel, and Entertainment.