Cable TV and internet service provider Xfinity says a breach linked to a widespread vulnerability in Citrix technology exposed data of about nearly 36 million people in mid-October.
The intrusion happened between October 16-19, after Citrix had announced the bug but before Xfinity patched its systems, the Philadelphia-based company said in a notification filed Monday with Maine regulators.
Since Citrix announced the bug on October 10, it has prompted warnings from cybersecurity experts and the federal government about exploitation by malicious hackers.
Cybercrime groups are suspected to have used it in attacks against the healthcare, aviation, banking and manufacturing sectors, among others.
Xfinity - a division of Comcast Corp., which also runs entertainment company NBCUniversal - said it patched its systems on October 23 after Citrix issued additional guidance.
The regulatory filing does not specify exactly when Xfinity discovered the breach.
The company is asking customers to reset their passwords and is urging them to add two-factor authentication to their accounts.
Joe Warminsky is the news editor for Recorded Future News.
He has more than 25 years experience as an editor and writer in the Washington, D.C., area.
Most recently he helped lead CyberScoop for more than five years.
Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.
This Cyber News was published on therecord.media. Publication date: Tue, 19 Dec 2023 14:30:23 +0000