The Desk appreciates the support of readers who purchase products or services through links on our website. Learn more...

Comcast warns Xfinity customers of likely data breach

The incident is connected to a security issue with Citrix, a technology provider Comcast and other companies use for various services.

The incident is connected to a security issue with Citrix, a technology provider Comcast and other companies use for various services.

A Comcast gateway used to provide Internet service under the Xfinity brand. (Courtesy image)
A Comcast gateway used to provide Internet service under the Xfinity brand. (Courtesy image)

Comcast says it has notified federal law enforcement agencies about a data breach that may impact tens of millions of customers.

On Monday, Comcast said it was providing customers of its Xfinity television and broadband services with a notice about the security incident, which involved a technical contractor called Citrix.

The incident happened two months ago, when Citrix told clients about a security exploit that affected thousands of its clients, including Comcast.

The initial announcement was made on October 10, but Citrix didn’t provide clients with a way to fix the issue until October 23, according to Comcast’s notice. Once Comcast was able to implement the patch, it did so, but two days later, the company noticed unusual activity on some of its internal computer systems, suggesting the security issue had already been exploited.

According to Comcast, thieves may have stolen a cache of customer-related information, including usernames, hashed passwords, contact information, the last four digits of a customer’s Social Security number, dates of birth and the answers to their “secret” login questions.

That may not be all the thieves were able to get, Comcast said, affirming that its “data analysis is continuing.”

“Xfinity has required customers to reset their passwords to protect affected accounts,” Comcast said in a statement. “In addition, Xfinity strongly recommends that customers enable two-factor or multifactor authentication to secure their Xfinity account, as many Xfinity customers already do. While Xfinity advises customers not to re-use passwords across multiple accounts, the company is recommending that customers change passwords for other accounts for which they use the same username and password or security question.”

KnowTechie: What Comcast customers need to know about the latest data breach

Comcast said customers who have questions can contact their dedicated call center at 1-888-799-2560, which is open 24 hours a day.

“Customers trust Xfinity to protect their information, and the company takes this responsibility seriously,” a Comcast spokesperson said on Monday. “Xfinity remains committed to continued investment in technology, protocols and experts dedicated to helping to protect its customers.”

Separately, a Comcast spokesperson told reporters that the company was not aware of “any customer data being leaked anywhere, nor of any attacks on our customers.”

“We take the responsibility to protect our customers very seriously and have our cybersecurity team monitoring 24-7,” Comcast spokesperson Joel Shadle said.

Get stories like these in your inbox, plus free breaking news alerts on business and policy matters involving media and tech.

Get stories like these in your inbox, plus free breaking news alerts on business and policy matters involving media and tech.

Photo of author

About the Author:

Matthew Keys

Matthew Keys is a nationally-recognized, award-winning journalist who has covered the business of media, technology, radio and television for more than 11 years. He is the publisher of The Desk and contributes to Know Techie, Digital Content Next and StreamTV Insider. He previously worked for Thomson Reuters, the Walt Disney Company, McNaughton Newspapers and Tribune Broadcasting.
Home » News » Industries » Security » Comcast warns Xfinity customers of likely data breach