Xfinity Data Breach Impacts 36 Million Individuals

The data breach disclosed recently by Comcast's Xfinity impacts nearly 36 million individuals, the company told US authorities.
The incident was disclosed by the telecommunications and smart home solutions provider on December 18, when it admitted that hackers gained access to customer usernames and hashed passwords, as well as names, dates of birth, contact information, secret questions and answers, and the last four digits of social security numbers in some cases.
While the company's press release and customer notice do not include information on the number of affected individuals, Xfinity told the Maine Attorney General's Office that the data breach impacts 35,879,455 people.
Comcast recently reported having roughly 32 million customers, which suggests that the data breach could affect all Xfinity customers and possibly employees as well.
SecurityWeek has reached out to Comcast for clarifications and will update this article if the company responds.
The attack on Xfinity involved exploitation of a Citrix NetScaler ADC and Gateway vulnerability named CitrixBleed and tracked as CVE-2023-4966.
This critical vulnerability can allow hackers to hijack existing sessions and gain access to the targeted organization's systems.
Citrix announced the availability of patches on October 10, but the vulnerability had been exploited as a zero-day since at least August.
Mass exploitation of CitrixBleed started a few weeks after the fixes were released.
Xfinity has required customers to change their passwords following the discovery of the intrusion.
CitrixBleed is believed to have been exploited in attacks against many high-profile organizations, including Toyota.


This Cyber News was published on www.securityweek.com. Publication date: Wed, 20 Dec 2023 13:13:08 +0000

