A security breach at Comcast-owned Xfinity has exposed the personal data of nearly all the internet provider's customers, including account usernames, passwords and answers to their security questions.
Comcast said in a filing with Maine's attorney general's office that the hack affected 35.8 million people, with the media and technology giant notifying customers of the attack through its website and by email, the company said Monday. The intrusion stems from a vulnerability in software from cloud computing company Citrix, according to Comcast.
Although Citrix patched the vulnerability in October, Xfinity learned that unauthorized users gained access to its internal systems between Oct. 16 and Oct. 19, revealing customer data. For some people, that included their names, contact information, account usernames and passwords, birthdates, parts of their Social Security numbers and answers to their security questions.
In addition to Xfinity, Citrix provides software to thousands of companies around the world. The previously-announced vulnerability, dubbed "Citrix Bleed," has also been linked to hacks targeting the Industrial and Commercial Bank of China's New York arm and a Boeing subsidiary, among others.
Under new federal rules that took effect Monday, the Securities Exchange Commission requires public companies to disclose all cybersecurity breaches that could affect their financial results within four days of determining a breach is material.
All Xfinity customers — even those whose accounts might not have been breached — must reset their usernames and passwords, according to Comcast. Xfinity is also encouraging subscribers to use two-factor authentication to secure their accounts.
"While Xfinity advises customers not to re-use passwords across multiple accounts, the company is recommending that customers change passwords for other accounts for which they use the same username and password or security question," Comcast noted.
Comcast has more than 32 million broadband customers, according to its most recent earnings report, suggesting that the breach likely affected all Xfinity customers.
Customers with questions can contact Xfinity toll-free at (888) 799-2560 24 hours a day Monday through Friday from 9 a.m. to 9 p.m. Eastern time. More information is available on Xfinity's website at xfinity.com/dataincident.
—The Associated Press contributed to this report.
Megan Cerullo is a New York-based reporter for CBS MoneyWatch covering small business, workplace, health care, consumer spending and personal finance topics. She regularly appears on CBS News streaming to discuss her reporting.
2024-12-25 13:14444 view
2024-12-25 12:151269 view
2024-12-25 12:002335 view
2024-12-25 11:341519 view
2024-12-25 11:031855 view
2024-12-25 10:581165 view
NEW YORK (AP) — About six months ago, Donald Trumpwas sitting in a courtroom in lower Manhattan list
WASHINGTON (AP) — Rep. George Santos of New York is facing a critical vote to expel him from the Hou
A New York appellate court has reinstated a gag order barring former President Donald Trump from mak