A security breach at Comcast-owned Xfinity has resulted in the unauthorized access and compromise of personal information belonging to nearly all customers of the internet service provider.
This includes account usernames, passwords, and responses to security questions.
Comcast disclosed in a submission to the attorney general’s office in Maine that the breach impacted 35.8 million individuals.
The media and technology conglomerate informed affected customers about the incident through its website and email notifications on Monday.
Comcast attributes the intrusion to a vulnerability in the software provided by the cloud computing company Citrix.
Despite Citrix having addressed the vulnerability in October, Xfinity discovered that unauthorized individuals accessed its internal systems between October 16 and October 19, resulting in the exposure of customer data.
This data included the names, account usernames, contact information as well as passwords, birthdates, partial Social Security numbers, and responses to security questions for specific individuals.
As of Monday, in accordance with newly implemented federal regulations, the Securities and Exchange Commission (SEC) mandates that public companies must promptly disclose any cybersecurity breaches deemed material to their financial outcomes within a four-day period from the determination of the breach.
Read Also: Semaglitude Overdose Emergencies: Poison Control Responds to 3,000 Calls in Current Year
Recommended Actions for Xfinity Customers
Comcast has directed all Xfinity customers, regardless of whether their accounts were compromised, to reset their usernames and passwords.
Furthermore, Xfinity strongly recommends that subscribers adopt two-factor authentication as an extra security measure.
Xfinity advises customers against using identical passwords for multiple accounts as well as suggests changing passwords for other accounts where the same username, password, or security question is employed.
For inquiries, customers can reach Xfinity toll-free at (888) 799-2560, accessible 24 hours a day, Monday through Friday, from 9 a.m. to 9 p.m. Eastern time. Further details are accessible on Xfinity’s website at xfinity.com/dataincident.
Read Also: More Than 200 Lead Poisoning Cases Tied to Recalled Applesauce Pouches, CDC Reports