Xfinity data breach affected millions of customers, company says

Internet provider Xfinity said hackers had accessed personal information for nearly 36 million customers thanks to a software vulnerability.

The compromised software, offered by the company Citrix, allowed unauthorized access to internal systems at Xfinity.

Xfinity, which is owned by Comcast, said it discovered “suspicious activity” on Oct. 25. On Dec. 6, the company determined hackers had accessed user names and hacked passwords. They also accessed contact information, account security questions, birthdates and the last four digits of social security numbers.

In a filing with Maine’s office of the attorney general, Xfinity said the breach had affected close to 35.9 million user accounts in some way.

That may represent a significant portion of Comcast’s overall user base. A recent earnings release showed Comcast had 32 million broadband subscribers.

Xfinity told The Associated Press on Tuesday it was “not aware of any customer data being leaked anywhere, nor of any attacks on our customers.”

The company said it is directing customers to reset passwords and encouraging the use of two-factor authentication.

Public companies like Comcast are now required under new Securities and Exchange Commission rules to disclose cybersecurity breaches that may affect their bottom line no later than four days after they take place. According to The Associated Press, Comcast has made no such filing with the SEC yet.