Signage for Xfinity, the cable division of Comcast, is displayed in Philadelphia, July 15, 2015. Hackers accessed Xfinity customers’ personal information by exploiting a vulnerability in software used by the company, the Comcast-owned telecommunications business announced this week. In a Monday, Dec. 18, 2023, notice to customers, Xfinity said there was unauthorized access to internal systems as a result of this vulnerability — which was previously announced by software provider Citrix — between Oct. 16 and 19. (AP Photo/Matt Rourke, File)
Hackers accessed Xfinity customers' personal information by exploiting a vulnerability in software used by the company, the Comcast-owned telecommunications business announced this week.
In a Monday notice to customers, Xfinity said there was unauthorized access to internal systems as a result of this vulnerability — which was previously announced by software provider Citrix — between Oct. 16 and 19.
Xfinity discovered the “suspicious activity” on Oct. 25, and in the following months determined that information was “likely acquired.” On Dec. 6, the company concluded that information included usernames and hashed passwords — and, for some customers, the last four digits of Social Security numbers, account security questions, birthdates and contact information.
Analysis of the breach is still continuing but to date, Xfinity is “not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” the company said in a statement sent to The Associated Press Tuesday.
Xfinity is also requiring customers to reset their passwords, while strongly recommending two-factor or multifactor authentication.
A filing with Maine's office of the attorney general disclosed that nearly 35.9 million people were affected by this breach. The company declined to confirm a specific number Tuesday, but noted the filing's figure represents user IDs.
Philadelphia-based Comcast has more than 32 million broadband customers, according a recent earnings release.
In addition to Xfinity, Citrix provides software to thousands of companies around the world. The previously-announced vulnerability, dubbed “Citrix Bleed,” has also been linked to hacks targeting the Industrial and Commercial Bank of China's New York arm and a Boeing subsidiary, among others.
Under new rules that went into effect Monday, the Securities Exchange Commission now requires public companies to disclose all cybersecurity breaches that could affect their bottom lines — within four days of determining a breach is material. As of Tuesday, there were no SEC filings from Comcast about the recent data breach and the company did not immediately address it.
The Rev. Al Sharpton is set to lead a protest march on Wall Street to urge corporate America to resist the Trump administration’s campaign to roll back diversity, equity and inclusion initiatives. The New York civil rights leader will join clergy, labor and community leaders Thursday in a demonstration through Manhattan’s Financial District that’s timed with the anniversary of the Civil Rights-era March on Washington in 1963. Sharpton called DEI the “civil rights fight of our generation." He and other Black leaders have called for boycotting American retailers that scaled backed policies and programs aimed at bolstering diversity and reducing discrimination in their ranks.
President Donald Trump's administration last month awarded a $1.2 billion contract to build and operate what's expected to become the nation’s largest immigration detention complex to a tiny Virginia firm with no experience running correction facilities.
Chipmaker Nvidia is poised to release a quarterly report that could provide a better sense of whether the stock market has been riding an overhyped artificial intelligence bubble or is being propelled by a technological boom that’s still gathering momentum.
Cracker Barrel said late Tuesday it’s returning to its old logo after critics — including President Donald Trump — protested the company’s plan to modernize.
Low-value imports are losing their duty-free status in the U.S. this week as part of President Donald Trump's agenda for making the nation less dependent on foreign goods. A widely used customs exemption for international shipments worth $800 or less is set to end starting on Friday. Trump already ended the “de minimis” rule for inexpensive items sent from China and Hong Kong, but having to pay import taxes on small parcels from everywhere else likely will be a big change for some small businesses and online shoppers. Purchases that previously entered the U.S. without needing to clear customs will be subject to the origin country’s tariff rate, which can range from 10% to 50%.
Southwest Airlines will soon require plus-size travelers to pay for an extra seat in advance if they can't fit within the armrests of one seat. This change is part of several updates the airline is making. The new rule starts on Jan. 27, the same day Southwest begins assigning seats. Currently, plus-size passengers can pay for an extra seat in advance and later get a refund, or request a free extra seat at the airport. Under the new policy, refunds are still possible but not guaranteed. Southwest said in a statement it is updating policies to prepare for assigned seating next year.
Cracker Barrel is sticking with its new logo. For now. But the chain is also apologizing to fans who were angered when the change was announced last week.
Elon Musk on Monday targeted Apple and OpenAI in an antitrust lawsuit alleging that the iPhone maker and the ChatGPT maker are teaming up to thwart competition in artificial intelligence.
