New York: In New York, Xfinity customers’ personal information fell victim to unauthorized access as hackers exploited a vulnerability within the software employed by the Comcast-owned telecommunications business, as revealed by the company this week.
In a notice issued to customers on Monday, Xfinity disclosed that internal systems experienced unauthorized access due to a vulnerability previously reported by software provider Citrix. This security breach occurred between October 16 and 19.
On October 25, Xfinity detected “suspicious activity,” and subsequent investigations over the following months determined that information was probably compromised.
By December 6, the company established that the exposed data encompassed usernames and hashed passwords. Additionally, the breach included the last four digits of Social Security numbers, account security questions, birthdates, and contact information for specific customers.
The investigation into the breach is ongoing, but Xfinity has stated that there is no indication of any customer data being leaked or any attacks on their customers. This information was conveyed in a statement to The Associated Press on Tuesday.
Xfinity has mandated customers reset their passwords and strongly advises adopting two-factor or multifactor authentication for enhanced security measures.
According to a filing with the office of the attorney general in Maine, it was revealed that almost 35.9 million individuals were impacted by this security breach.
Although the company refrained from confirming an exact number on Tuesday, it acknowledged that the figure mentioned in the filing represents user IDs.
As indicated in a recent earnings release, Comcast, headquartered in Philadelphia, boasts over 32 million broadband customers.
Apart from Xfinity, Citrix supplies software to numerous companies globally. The previously disclosed vulnerability, known as “Citrix Bleed,” has been associated with cyberattacks directed at various entities, including the New York branch of the Industrial and Commercial Bank of China and a subsidiary of Boeing.
As of Monday, new regulations implemented by the Securities Exchange Commission mandate that public companies promptly disclose any cybersecurity breaches with potential impacts on their financial standings within four days of determining the breach’s materiality.
However, as of Tuesday, Comcast had not filed any SEC disclosures regarding the recent data breach, and the company did not immediately provide a statement addressing the situation.
Xfinity Customer Information
Despite the swift patch implementation, Xfinity identified suspicious activity on October 25. Through subsequent investigation, the company determined that between October 16 and October 19, unauthorized access occurred within its internal systems due to the identified vulnerability.
After thoroughly examining the impacted systems and data, Xfinity believes that at-risk customer information encompasses usernames and hashed passwords for specific customers.
For another set of customers, the jeopardized information may involve names, contact details, the last four digits of Social Security numbers, birthdates, and responses to security questions.
In response to the situation, Xfinity has mandated password resets for customers and is strongly urging the implementation of two-factor authentication to enhance the security of their accounts, as mentioned in the news release.
Customers Call Center
For any inquiries, customers can contact Xfinity’s dedicated call center at 888-799-2560, which operates toll-free 24 hours a day, seven days a week.
Additional details can be found on the Xfinity
In reference to the October 2023 breach, Xfinity spokesperson Joel Shadle informed The Verge, “We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers.”
Shadle underscored the company’s dedication to safeguarding customers, affirming, “We prioritize the responsibility of protecting our customers and maintain a vigilant cybersecurity team monitoring 24×7.”
Most recent Business stories
Procrastinators can still take advantage of last-minute holiday shopping deals. The IRS has announced plans to waive $1 billion in penalties for individuals and businesses with outstanding back taxes for 2020 or 2021. Bill Gates expresses optimism about the potential of artificial intelligence to tackle global challenges.