If You Are A Member Of Xfinity Your Data May Have Been Released

WHAT HAPPENED? 

Between October 16th and 19th, Xfinity learned of unauthorized access to its internal system, Citrix– a cloud computing company who provides software to thousands of companies around the world. Citrix issued a software patch to close the vulnerability, but after they patched the software, Comcast discovered unauthorized access to its internal systems.  

On December 18th, 2023 Comcast Xfinity filed a notice with the Attorney General of Maine affecting customers nationwide.  

Comcast asked all its customers to reset their passwords and enable multi-factor authentication on their accounts. 

WHO WAS AFFECTED? 

• 36 MILLION CUSTOMERS AFFECTED 
• Comcast has more than 32 million active broadband customers, meaning that almost all, if not all customers have been affected.  

WHAT WAS EXPOSED? 

• Usernames & passwords  
• Full name 
• Last four digits of social security number 
• Contact information, dates of birth 
• Security questions and answers were exposed 

WHO HACKED CITRIX? 

• At least one group of thread actors has exploited Citrix Bleed– people deploying LockBit 3.0 ransomware, which has been linked to Russia, according to cybersecurity researcher Kevin Beaumont.  
• These affiliates have previously targeted organizations in critical infrastructure sectors, including government and emergency services, health care, financial services.  
• In late October, members of the ransomware group LockBit claimed to have breached Boeing’s parts and distribution business. Investigators traced that attack to an exploit of Citrix Bleed. 

In the rise of the digital age, cybersecurity is critical. Grungo Law’s data breach attorneys are here to give you the most prevalent news to protect your information on the internet.