Millions of Comcast Customers May Have Had Their Data Hacked
Scores of Comcast customers may have had their private data exposed in a far-reaching hacking incident. The New York Post and TechCrunch reported the news. The cable and internet provider sent a letter to customers revealing that “between October 16 and October 19, 2023, there was unauthorized access to our internal systems that we concluded was a result of the Citrix vulnerability.” Citrix is one of Comcast’s software providers.
Comcast began an investigation after becoming aware of the breach last month. “On December 6, 2023, we concluded that the information included usernames and hashed passwords,” the letter reads. “For some customers, other information was also included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, our data analysis is continuing, and we will provide additional notices as appropriate.”
In a data breach notification filed with Maine’s attorney general, Comcast revealed that nearly 36 million customers had been exposed in the leak. It wasn’t immediately clear how much private information was gleaned from each person, though.
Citrix, used by many high-profile corporations, has suffered from a vulnerability known colloquially as “CitrixBleed.” Hackers have taken tremendous advantage of the vulnerability since August, gaining private data from Boeing and the Industrial and Commercial Bank of China, amongst others. TechCrunch reported that, although Citrix developed patches in early October, many corporations did not use them in time.
Comcast is recommending that all customers change their current password, and urge them to opt into multi-factor authentication processes. In their statement, Comcast touched upon the threat security hacks pose to all companies while reiterating their commitment to protecting their clientele.
“In today’s environment, large companies face cybersecurity threats constantly,” the company said. “We have robust security programs in place which help us to discover criminal activity such as this one and to quickly mitigate it. Customers trust us to protect their information, and the company takes this responsibility seriously.”
Comcast’s data hack comes just a few weeks after genetic testing website 23andMe reported that millions of its users had sensitive information exposed in a data breach.
