How many records were affected in the Xfinity/Comcast breach?

The Xfinity/Comcast data breach affected 35.9 million records. Data types exposed include: usernames, hashed passwords, names, contact information, dates of birth, partial SSNs, security questions.

What should I do if I was affected by the Xfinity/Comcast breach?

If you were affected, change your passwords immediately, enable two-factor authentication, monitor your credit reports, and consider placing a credit freeze. You can also submit a DSAR to Xfinity/Comcast requesting deletion of your data.

Is there compensation for Xfinity/Comcast breach victims?

35.9 million customers notified; class action lawsuits filed Check if a class action settlement exists and whether you are eligible to file a claim.

Start discovering the next big thing

Add your brand to the Noizz catalog of 28,697 indexed brands. Free to get started.

Get Started Free

Blossend.com →

medium severity2023-12-18

Xfinity 2023 Data Breach: 35.9 Million Customer Records Exposed

35.9 million

Records affected

Exploitation of Citrix Bleed vulnerability (CVE-2023-4966)

Attack vector

Attackers exploited the Citrix Bleed vulnerability within days of the patch being released, exposing data for 35.9 million customers.

SeekerPro

Unlock Full Privacy Intelligence

Get deep-dive reports on every company that touches your data. SeekerPro members see breach timelines, DSAR success rate...

Learn More

NexusBro

Audit Your Site Free

Run a full privacy and compliance audit on any website in 60 seconds. NexusBro scans cookie consent, tracker behavior, a...

Learn More

BliniBot

Automate Privacy Compliance

Stop wasting hours on manual DSAR filings and cookie consent management. BliniBot handles the busywork so your team can ...

Learn More

Data Types Exposed

usernameshashed passwordsnamescontact informationdates of birthpartial SSNssecurity questions

Response Timeline

October 10 2023: Citrix publishes patch

October 16-19 2023: Xfinity systems accessed through unpatched vulnerability

October 25 2023: Suspicious activity discovered

December 18 2023: Public notification

Detailed Analysis

The Xfinity breach demonstrated the danger of delayed patch application. Attackers exploited unpatched Citrix systems just days after the patch was released. The 35.9 million affected customers represent virtually all Xfinity internet subscribers.

The breach at Xfinity/Comcast exposed 35.9 million records through exploitation of citrix bleed vulnerability (cve-2023-4966). 35.9 million Xfinity customers The incident highlights the ongoing challenges organizations face in protecting sensitive user data against increasingly sophisticated attack vectors. Security researchers have noted that breaches of this magnitude often result from a combination of technical vulnerabilities and organizational failures in security practices.

Current status: 35.9 million customers notified; class action lawsuits filed. Affected users should take immediate steps to protect their accounts, including changing passwords, enabling multi-factor authentication, and monitoring financial accounts for unauthorized activity. Filing a DSAR with Xfinity/Comcast can help you understand what data was exposed and request its deletion.

What To Do If Affected

Change your password immediately on this service and any accounts using the same password
Enable two-factor authentication on all critical accounts
Monitor your credit reports for unauthorized activity
Consider placing a credit freeze with major bureaus
File a complaint with your local data protection authority

Protect Your Data Across Every Platform

Tools trusted by thousands of privacy-conscious users worldwide

Unlock Full Privacy Intelligence Audit Your Site Free Automate Privacy Compliance

No card charged today. Cancel anytime.

medium severity2023-12-18

Xfinity 2023 Data Breach: 35.9 Million Customer Records Exposed

35.9 million

Records affected

Exploitation of Citrix Bleed vulnerability (CVE-2023-4966)

Attack vector

Attackers exploited the Citrix Bleed vulnerability within days of the patch being released, exposing data for 35.9 million customers.

SeekerPro

Unlock Full Privacy Intelligence

Get deep-dive reports on every company that touches your data. SeekerPro members see breach timelines, DSAR success rate...

Learn More

NexusBro

Audit Your Site Free

Run a full privacy and compliance audit on any website in 60 seconds. NexusBro scans cookie consent, tracker behavior, a...

Learn More

BliniBot

Automate Privacy Compliance

Stop wasting hours on manual DSAR filings and cookie consent management. BliniBot handles the busywork so your team can ...

Learn More

Data Types Exposed

usernameshashed passwordsnamescontact informationdates of birthpartial SSNssecurity questions

Response Timeline

October 10 2023: Citrix publishes patch

October 16-19 2023: Xfinity systems accessed through unpatched vulnerability

October 25 2023: Suspicious activity discovered

December 18 2023: Public notification

Detailed Analysis

What To Do If Affected

Change your password immediately on this service and any accounts using the same password
Enable two-factor authentication on all critical accounts
Monitor your credit reports for unauthorized activity
Consider placing a credit freeze with major bureaus
File a complaint with your local data protection authority

Protect Your Data Across Every Platform

Tools trusted by thousands of privacy-conscious users worldwide

Unlock Full Privacy Intelligence Audit Your Site Free Automate Privacy Compliance

No card charged today. Cancel anytime.