Cybercriminals continue to develop more sophisticated methods to breach organizations’ cyber defenses. Comcast Cable Communications, which operates as Xfinity, was hit by a data breach that exposed the data of around 35.8 million customers.
According to the company, on October 10, 2023, one of Xfinity’s software providers, Citrix, announced a vulnerability in a product used by Xfinity. At the same time, Citrix provided a software patch to fix the vulnerability.
However, six days later, between October 16 and 19, 2023, after Xfinity had been notified of the security vulnerability but before it had installed the fix, cyber attackers hacked Xfinity’s internal systems. Xfinity later concluded that the unpatched Citrix vulnerability caused the hack.
Comcast told the attorney general’s office that over 35.8 million customers had been impacted by the data breach between October 16 and October 19. However, it was on November 16 that the company discovered that the threat actors might have acquired additional data.
The company recently notified customers that the following personal data may have been stolen in the breach:
- Usernames and passwords
- Contact information
- The last four digits of Social Security numbers
- Dates of birth
- Secret questions and answers