Xfinity Data Security Incident
Notice of Data Security Incident
We are notifying you of a recent data security incident involving your personal information. This notice explains the incident, steps Xfinity has taken to address it, and guidance on what you can do to protect your personal information.
What Happened? On October 10, 2023, one of Xfinity’s software providers, Citrix, announced a vulnerability in one of its products used by Xfinity and thousands of other companies worldwide. At the time Citrix made this announcement, it released a patch to fix the vulnerability. Citrix issued additional mitigation guidance on October 23, 2023. We promptly patched and mitigated our systems. However, we subsequently discovered that prior to mitigation, between October 16 and October 19, 2023, there was unauthorized access to some of our internal systems that we concluded was a result of this vulnerability. We notified federal law enforcement and conducted an investigation into the nature and scope of the incident. On November 16, 2023, it was determined that information was likely acquired.
What Information Was Involved? On December 6, 2023, we concluded that the information included usernames and hashed passwords; for some customers, other information was also included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, our data analysis is continuing, and we will provide additional notices as appropriate.
What We Are Doing. To protect your account, we have proactively asked you to reset your password. The next time you login to your Xfinity account, you will be prompted to change your password, if you haven’t been asked to do so already.
What You Can Do. We strongly encourage you to enroll in two-factor or multi-factor authentication. While we advise customers not to re-use passwords across multiple accounts, if you do use the same information elsewhere, we recommend that you change the information on those other accounts, as well. You can review the “Additional Information” section below for information on how you can further protect your personal information.
More Information. If you have additional questions, please contact IDX, Xfinity’s incident response provider managing customer notifications and call center support, at 888-799-2560 toll-free, 24 hours a day, 7 days a week. More information is available on the Xfinity website at www.xfinity.com/dataincident. We know that you trust Xfinity to protect your information, and we can’t emphasize enough how seriously we are taking this matter. We remain committed to continue investing in technology, protocols and experts dedicated to helping to protect your data and keeping you, our customer, safe.
Sincerely, Xfinity