Comcast Xfinity issued a warning for customers on Monday after the company announced that it had suffered a massive data breach in the fall.
On Monday, Xfinity issued a notice of a data security incident that occurred between October 16 and October 19, 2023, which allowed unauthorized access to the company’s internal data systems due to a vulnerability at the cloud computing company, Citrix.
Personal information may have been compromised for an estimated 35 million customers, the company said.
Xfinity said that on December 6, the company had determined that the compromised data included usernames, passwords, names, contact information, social security numbers, and more private information, though the company said that it is continuing to determine the extent of the situation.
Related: Maine Hacked in Data Breach, 1.3 Million Residents At Risk
“Xfinity has required customers to reset their passwords to protect affected accounts,” the company explained in a release. “In addition, Xfinity strongly recommends that customers enable two-factor or multi-factor authentication to secure their Xfinity account, as many Xfinity customers already do. While Xfinity advises customers not to re-use passwords across multiple accounts, the company is recommending that customers change passwords for other accounts for which they use the same username and password or security question.”
Last December, Xfinity also suffered a hack during a mass cyber attack, which was able to bypass customers’ two-factor identification protection systems.
Related: T-Mobile Data Breach Affects 37 Million, 8th Hack Since 2018
“We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” Xfinity spokesperson Joel Shadle told The Verge regarding the October 2023 breach. “We take the responsibility to protect our customers very seriously and have our cybersecurity team monitoring 24×7.”
Comcast did not immediately respond to Entrepreneur’s request for comment.