Xfinity data breach affected over 35.8M customers

Xfinity is asking its customers to reset their passwords after a data breach in October that affected over 35.8 million customers.

Citrix, an international company that provides server, application, and desktop virtualization, networking, and software services, notified Xfinity on Oct. 10 of a “vulnerability” in one of its products that may have caused millions of people’s data to be hacked.

Citrix released a patch for the problem when they announced the vulnerability, and provided more mitigation guidance on the data breach on Oct. 23., according to a press release from Xfinity on Monday, which added that the company installed the patch and mitigated its systems promptly.

However, after applying the patch to the system, Xfinity officials discovered that between Oct. 16 and Oct. 18, there was most likely unauthorized access to its internal system as a result of the Citrix vulnerability. Officials say that the breach was then confirmed on Nov. 16.

Xfinity added in Monday’s press release that the company contacted federal law enforcement to conduct an investigation.

The information accessed by the hackers includes usernames, hashed passwords, names, contact information, the last four digits of social security numbers, birth dates, and secret questions and answers, according to Xfinity.

The company is now directing consumers to change their passwords and enroll in two-factor authentication.

The press release did not specify how many customers were affected, but in a filing with the Office of the Maine Attorney General, Comcast said 35,879,455 people were affected by the data breach nationwide.

Consumers with questions can contact IDX, Xfinity’s incident response provider managing customer notifications and call center support, at 888-799-2560 toll-free Monday through Friday from 9 a.m. to 9 p.m. EST.

In response to how Comcast plans to prevent another incident from occurring, the company said, “In today’s environment, large companies face cybersecurity threats constantly. We have robust security programs in place which help us to discover criminal activity such as this one and to quickly mitigate it. Customers trust us to protect their information, and the company takes this responsibility seriously. We remain committed to investing in technology, protocols and experts dedicated to helping protect our customers.”

For more information on the data breach and information on how to protect yourself from identity theft, read the full statement from Xfinity below.