PHILADELPHIA (News First) — Xfinity is notifying customers of a data breach that may have exposed their personal information, including usernames, passwords, and contact details.
The company said Tuesday that it discovered unauthorized access to its internal systems between October 16 and October 19, 2023, as a result of a software vulnerability disclosed by Citrix on October 10.
Xfinity said it patched and mitigated the vulnerability within its systems, but not before some customer information was likely acquired by hackers. The company said it is still analyzing the data to determine the full extent of the breach.
The information in scope included usernames and hashed passwords; for some customers, other information may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers.
Xfinity said it has required customers to reset their passwords to protect affected accounts. It also urged customers to enable two-factor or multi-factor authentication to secure their Xfinity account, and to change passwords for other accounts that use the same credentials.
The company said it has notified federal law enforcement and initiated an investigation into the incident. It said it is providing notice of the breach through various channels, including its website, email, and news media.
Customers with questions can contact Xfinity’s dedicated call center at 888-799-2560 toll-free 24 hours a day, seven days a week. More information is available on the Xfinity website at www.xfinity.com/dataincident .
Xfinity said it takes its customers’ trust and security seriously, and that it remains committed to investing in technology and protocols to protect its customers.