Follow America's fastest-growing news aggregator, Spreely News, and stay informed. You can find all of our articles plus information from your favorite Conservative voices. 

Upon reports of a security breach involving customer data in October, Xfinity internet users may want to consider seeking a refund and finding a new service provider.

This breach reportedly included some customers’ names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers.

Xfinity advises its customers to monitor their credit reports for potential fraud or identity theft using the three major credit agencies: Equifax, Experian and TransUnion.

On December 29 at around 5 am some customers received an email about the “data security incident”.

According to CBS News, the intrusion was linked to a software vulnerability from cloud computing company Citrix that had been patched in October; however, unauthorized access to Xfinity’s internal systems took place between October 16th and 19th.

In addition to this incident, Citrix Bleed has been connected with other hacks affecting the Industrial and Commercial Bank of China’s New York arm and a Boeing subsidiary.

Comcast is notifying affected customers via email and its website about the attack.

It is uncertain what impacts this event could have on users of the internet service provider and American national security.

Xfinity sent the following email to customers:

Xfinity Data Security Incident

Notice of Data Security Incident
We are notifying you of a recent data security incident involving your personal information. This notice explains the incident, steps Xfinity has taken to address it, and guidance on what you can do to protect your personal information.

What Happened? On October 10, 2023, one of Xfinity’s software providers, Citrix, announced a vulnerability in one of its products used by Xfinity and thousands of other companies worldwide. At the time Citrix made this announcement, it released a patch to fix the vulnerability. Citrix issued additional mitigation guidance on October 23, 2023. We promptly patched and mitigated our systems.

However, we subsequently discovered that prior to mitigation, between October 16 and October 19, 2023, there was unauthorized access to some of our internal systems that we concluded was a result of this vulnerability. We notified federal law enforcement and conducted an investigation into the nature and scope of the incident. On November 16, 2023, it was determined that information was likely acquired.

What Information Was Involved? On December 6, 2023, we concluded that the information included usernames and hashed passwords; for some customers, other information was also included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, our data analysis is continuing, and we will provide additional notices as appropriate.

What We Are Doing. To protect your account, we have proactively asked you to reset your password. The next time you login to your Xfinity account, you will be prompted to change your password, if you haven’t been asked to do so already.

What You Can Do. We strongly encourage you to enroll in two-factor or multi-factor authentication. While we advise customers not to re-use passwords across multiple accounts, if you do use the same information elsewhere, we recommend that you change the information on those other accounts, as well. You can review the “Additional Information” section below for information on how you can further protect your personal information.

More Information. If you have additional questions, please contact IDX, Xfinity’s incident response provider managing customer notifications and call center support, at 888-799-2560 toll-free, 24 hours a day, 7 days a week. More information is available on the Xfinity website at www.xfinity.com/dataincident.

We know that you trust Xfinity to protect your information, and we can’t emphasize enough how seriously we are taking this matter. We remain committed to continue investing in technology, protocols and experts dedicated to helping to protect your data and keeping you, our customer, safe.

Sincerely,

Xfinity

Additional Information

In general, you should remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring your credit reports. You are entitled to a free copy of your credit report annually. To obtain your credit report, visit www.annualcreditreport.com, call toll-free 1-877-322-8228, or mail an Annual Credit Report Request Form (available at www.annualcreditreport.com) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281. You can also purchase a copy of your credit report or contact the three major credit reporting bureaus at:

Equifax
PO Box 740241
Atlanta, GA 30374
www.equifax.com
888-378-4329
Experian
PO Box 2002
Allen, TX 75013
www.experian.com
888-397-3742
TransUnion
PO Box 1000
Chester, PA 19016
www.transunion.com
800-888-4213

You should report any actual or suspected identity theft to the Federal Trade Commission and law enforcement. You can obtain information from the Federal Trade Commission and the three major credit bureaus about additional steps you can take to protect yourself against identity theft and fraud, as well as information on placing security freezes and fraud alerts on your credit report. You can contact the Federal Trade Commission at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; and 1-877-ID-THEFT (1-877-438-4338). This notice was not delayed as a result of a law enforcement investigation.

You may place a security freeze on your credit reports, free of charge. A security freeze prohibits a credit reporting agency from releasing any information from a consumer’s credit report without written authorization. However, please be aware that placing a security freeze on your credit report may delay, interfere with, or prevent the timely approval of any requests you make for new loans, credit mortgages, employment, housing, or other services. You will need to place a security freeze separately with each of the three major credit bureaus if you wish to place a freeze on all of your credit files. In order to request a security freeze, you will need to supply your full name, address, date of birth, Social Security number, current address, all addresses for up to five previous years, email address, a copy of your state identification card or driver’s license, and a copy of a utility bill, bank or insurance statement, or other statement proving residence. To find out more on how to place a security freeze, contact the credit reporting agencies:

Equifax
P.O. Box 105788
Atlanta, GA 30348
888-298-0045
equifax.com/personal/credit-report-services/credit-freeze/
Experian
P.O. Box 9554
Allen, TX 75013
888-397-3742
experian.com/freeze/center.html
TransUnion
P.O. Box 160
Woodlyn, PA 19094
800-916-8800
transunion.com/credit-freeze

At no charge, you can also have the three major credit bureaus place a fraud alert on your file that alerts creditors to take additional steps to verify your identity prior to granting credit in your name. Note, however, that because it tells creditors to follow certain procedures to protect you, it may also delay your ability to obtain credit while the agency verifies your identity. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts on your file. Should you wish to place a fraud alert, or should you have any questions regarding your credit report, please contact the credit reporting agencies:

Equifax
P.O. Box 105069
Atlanta, GA 30348
888-836-6351
equifax.com/personal/credit-report-services/credit-fraud-alerts/
Experian
P.O. Box 9554
Allen, TX 75013
888-397-3742
experian.com/fraud/center.html
TransUnion
P.O. Box 2000
Chester, PA 19106
800-916-8800
transunion.com/fraud-alerts

For New York residents, the New York Office of the Attorney General can be contacted at The Capitol, Albany, NY, 12224, ag.ny.gov, or 1-800-771-7755.

For North Carolina residents, the North Carolina Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699, ncdoj.gov, or 919-716-6000.

ICYMI: Security Footage Captures Moment Attackers Ambush Parked Car, Murder Young Mother in New York City

Doug Goldsmith

View all posts

2 comments

Your email address will not be published. Required fields are marked *

GET MORE STORIES LIKE THIS

IN YOUR INBOX!

Sign up for our daily email and get the stories everyone is talking about.