Schubert Jonckheer & Kolbe LLP is investigating a data breach impacting the private information of 35.9 million customers of Comcast Cable Communications LLC, which does business as Xfinity.
According to the company, on October 10, 2023, one of Xfinity’s software providers, Citrix, announced a vulnerability in a product used by Xfinity. At the same time, Citrix provided a software patch to fix the vulnerability.
However, six days later, between October 16 and 19, 2023—after Xfinity been notified of the security vulnerability but before it had installed the fix—Xfinity’s internal systems were hacked. Xfinity later concluded that the hack was caused by the unpatched Citrix vulnerability.
Also Read: Why XDR Investment is Necessary for CISOs
The company recently informed customers that the following private information may have been stolen in the breach: usernames and passwords; names; contact information; the last four digits of Social Security numbers; dates of birth; and secret questions and answers.
Although the breach occurred over two months ago, Xfinity only began notifying impacted customers on or around December 18, 2023, which may have violated numerous state laws.
If your private information was impacted by this incident, you may be at risk of identity theft, financial fraud, and other serious violations of your privacy. As a result, you may be entitled to money damages and an injunction requiring changes to Xfinity’s cybersecurity practices.
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.