JUST IN: Xfinity-Comcast Safety Breach Compromises 36 Million Prospects’ Contact Information, Passwords, Birthdates, Social Safety Numbers | The Gateway Pundit

A safety breach at Comcast-owned Xfinity has uncovered the private knowledge of almost all of the web supplier’s clients, together with account usernames, passwords and solutions to their safety questions.

Comcast stated in a filing with Maine’s legal professional common’s workplace that the hack affected 35.8 million individuals, with the media and expertise big notifying clients of the assault by means of its web site and by electronic mail, the corporate said Monday. The intrusion stems from a vulnerability in software program from cloud computing firm Citrix, in accordance with Comcast.

Though Citrix patched the vulnerability in October, Xfinity realized that unauthorized customers gained entry to its inside programs between Oct. 16 and Oct. 19, revealing buyer knowledge. For some individuals, that included their names, contact info, account usernames and passwords, birthdates, elements of their Social Safety numbers and solutions to their safety questions.

Along with Xfinity, Citrix gives software program to hundreds of corporations around the globe. The previously-announced vulnerability, dubbed “Citrix Bleed,” has additionally been linked to hacks focusing on the Industrial and Commercial Bank of China’sNew York arm and a Boeing subsidiary, amongst others.

Xfinity Information Safety Incident

Discover of Information Safety Incident
We’re notifying you of a latest knowledge safety incident involving your private info. This discover explains the incident, steps Xfinity has taken to deal with it, and steerage on what you are able to do to guard your private info.

What Occurred? On October 10, 2023, certainly one of Xfinity’s software program suppliers, Citrix, introduced a vulnerability in certainly one of its merchandise utilized by Xfinity and hundreds of different corporations worldwide. On the time Citrix made this announcement, it launched a patch to repair the vulnerability. Citrix issued extra mitigation steerage on October 23, 2023. We promptly patched and mitigated our programs.

Nonetheless, we subsequently found that previous to mitigation, between October 16 and October 19, 2023, there was unauthorized entry to a few of our inside programs that we concluded was a results of this vulnerability. We notified federal regulation enforcement and carried out an investigation into the character and scope of the incident. On November 16, 2023, it was decided that info was possible acquired.

What Data Was Concerned? On December 6, 2023, we concluded that the knowledge included usernames and hashed passwords; for some clients, different info was additionally included, akin to names, contact info, final 4 digits of social safety numbers, dates of start and/or secret questions and solutions. Nonetheless, our knowledge evaluation is continuous, and we are going to present extra notices as acceptable.

What We Are Doing. To guard your account, we have now proactively requested you to reset your password. The subsequent time you login to your Xfinity account, you’ll be prompted to vary your password, if you happen to haven’t been requested to take action already.

What You Can Do. We strongly encourage you to enroll in two-factor or multi-factor authentication. Whereas we advise clients to not re-use passwords throughout a number of accounts, if you happen to do use the identical info elsewhere, we advocate that you just change the knowledge on these different accounts, as nicely. You may overview the “Additional Information” part under for info on how one can additional defend your private info.

Extra Data. When you have extra questions, please contact IDX, Xfinity’s incident response supplier managing buyer notifications and name middle assist, at 888-799-2560 toll-free, 24 hours a day, 7 days per week. Extra info is offered on the Xfinity web site at www.xfinity.com/dataincident.

We all know that you just belief Xfinity to guard your info, and we are able to’t emphasize sufficient how severely we’re taking this matter. We stay dedicated to proceed investing in expertise, protocols and consultants devoted to serving to to guard your knowledge and retaining you, our buyer, secure.

Sincerely,

Xfinity

Extra Data

Generally, it’s best to stay vigilant for incidents of fraud and identification theft by reviewing account statements and monitoring your credit score reviews. You might be entitled to a free copy of your credit score report yearly. To acquire your credit score report, go to www.annualcreditreport.com, name toll-free 1-877-322-8228, or mail an Annual Credit score Report Request Type (out there at www.annualcreditreport.com) to: Annual Credit score Report Request Service, P.O. Field 105281, Atlanta, GA, 30348-5281. You can even buy a duplicate of your credit score report or contact the three main credit score reporting bureaus at:

You might place a safety freeze in your credit score reviews, freed from cost. A safety freeze prohibits a credit score reporting company from releasing any info from a client’s credit score report with out written authorization. Nonetheless, please bear in mind that inserting a safety freeze in your credit score report could delay, intrude with, or forestall the well timed approval of any requests you make for brand new loans, credit score mortgages, employment, housing, or different companies. You will have to position a safety freeze individually with every of the three main credit score bureaus if you happen to want to place a freeze on your entire credit score recordsdata. With a view to request a safety freeze, you’ll need to provide your full identify, deal with, date of start, Social Safety quantity, present deal with, all addresses for as much as 5 earlier years, electronic mail deal with, a duplicate of your state identification card or driver’s license, and a duplicate of a utility invoice, financial institution or insurance coverage assertion, or different assertion proving residence. To search out out extra on how one can place a safety freeze, contact the credit score reporting businesses:

At no cost, it’s also possible to have the three main credit score bureaus place a fraud alert in your file that alerts collectors to take extra steps to confirm your identification previous to granting credit score in your identify. Word, nonetheless, that as a result of it tells collectors to comply with sure procedures to guard you, it might additionally delay your potential to acquire credit score whereas the company verifies your identification. As quickly as one credit score bureau confirms your fraud alert, the others are notified to position fraud alerts in your file. Do you have to want to place a fraud alert, or ought to you might have any questions relating to your credit score report, please contact the credit score reporting businesses:

For New York residents, the New York Workplace of the Lawyer Normal will be contacted at The Capitol, Albany, NY, 12224, ag.ny.gov, or 1-800-771-7755.

For North Carolina residents, the North Carolina Lawyer Normal will be contacted at 9001 Mail Service Heart, Raleigh, NC 27699, ncdoj.gov, or 919-716-6000.