Hackers accessed Xfinity customers' personal information by exploiting a vulnerability in software used by the company, the Comcast-owned telecommunications business announced this week.

In a Monday notice to customers, Xfinity said there was unauthorized access to internal systems as a result of this vulnerability — which was previously announced by software provider Citrix — between Oct. 16 and 19.

Xfinity discovered the “suspicious activity” on Oct. 25, and in the following months determined that information was “likely acquired.” On Dec. 6, the company concluded that information included usernames and hashed passwords — and, for some customers, the last four digits of Social Security numbers, account security questions, birthdates and contact information.

Analysis of the breach is continuing, but to date Xfinity is “not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” the company said in a statement sent to The Associated Press Tuesday.

Xfinity is also requiring customers to reset their passwords, while strongly recommending two-factor or multifactor authentication.

A filing with Maine's office of the attorney general disclosed that nearly 35.9 million people were affected by this breach. The company declined to confirm a specific number Tuesday, but noted the filing's figure represents user IDs.

Philadelphia-based Comcast has more than 32 million broadband customers, according to a recent earnings release.

In addition to Xfinity, Citrix provides software to thousands of companies around the world. The previously announced vulnerability, dubbed “Citrix Bleed,” has also been linked to hacks targeting the Industrial and Commercial Bank of China's New York arm and a Boeing subsidiary, among others.

Under new rules that went into effect Monday, the Securities and Exchange Commission now requires public companies to disclose all cybersecurity breaches that could affect their bottom lines — within four days of determining a breach is material. As of Tuesday, there were no SEC filings from Comcast about the recent data breach and the company did not immediately address it.
