Comcast data breach: what happened and how to protect your info

The stakes are high when companies fail to protect personally identifiable information (PII). Recent studies show that nearly half attribute a data breach to a company’s lack of appropriate security measures. The erosion of trust is amplified when major providers mishandle sensitive customer data.
Within a few months, Comcast experienced two data breaches related to its Xfinity service. One Comcast data breach occurred in late 2023, and the other incident happened in early 2024. Combined, the breaches exposed the personal data of millions of customers, while also raising new concerns about software vulnerabilities, legacy vendor risks, and the long-term effects for affected users.
If you’re an Xfinity customer, here’s what you need to know: how the Comcast Xfinity data breach happened, what data was compromised, and the steps you should take to protect your information.
Breaking down the Comcast data breaches

The 2023 Xfinity breach and CitrixBleed vulnerability
The 2023 Comcast data breach was linked to CitrixBleed, a widely publicized vulnerability (CVE-2023-4966) in Citrix’s NetScaler ADC and NetScaler Gateway software. Although Citrix issued a patch for the vulnerability in early October, many organizations, including Comcast, did not apply it immediately. The delay left customers critically exposed.
Between October 16th and 19th, threat actors exploited this security gap and accessed the provider’s internal systems. The Comcast data breach wasn’t publicly disclosed until December 18th, 2023, and the disclosure confirmed that 36 million Xfinity accounts were compromised. CitrixBleed allowed cybercriminals to hijack authenticated user sessions without needing the credentials.
They could access sensitive data without triggering security alerts. This breach revealed how quickly fast-moving zero-day vulnerabilities can lead to massive consequences when patching and response are delayed.
The 2024 Comcast data breach: a third-party vendor incident
A second breach resulted from a ransomware attack on FBCS, a third-party debt collection vendor that Comcast had contracted in 2020, on February 14th, 2024. The attackers compromised FBCS’s systems and accessed legacy Comcast customer data even though the vendor was no longer working with the company.
Though the attack wasn’t as widespread, it affected about 237,000 broadband customers. Following the attack, Comcast confirmed that the breach involved past accounts and admitted to being unaware of it until FBCS notified them in January. The attack revealed that former vendors storing sensitive information long after a business relationship ends remain a risk.
What data was exposed in both breaches?
The 2023 and 2024 Comcast data breaches compromised high-risk, sensitive customer information. During the 2023 Xfinity data breach, attackers accessed a broad range of personal information, including:
- Customer birthdates
- Full or partial Social Security numbers
- Contact information, such as email addresses and phone numbers
- Usernames and hashed passwords
- Password reset hints and security question answers
CitrixBleed, the vulnerability behind the 2023 Xfinity breach, was one of the top 15 vulnerabilities cybercriminals targeted that year. The 2024 Comcast breach involved threat actors targeting Comcast’s former third-party vendor, where cybercriminals accessed data that is easily misused in fraud and phishing attacks, including:
- Full customer names
- Account numbers
- Billing addresses
- Full or partial Social Security numbers
- Dates of birth
While FBCS was no longer an active vendor, the legacy customer data remained on file. As of July 2024, over 4 million individuals were affected by the FBCS breach, including customers of Truist Bank, another FBCS partner. The growing number of impacted organizations raises questions about how many companies are still vulnerable because of legacy vendor data storage.
Find out if your data was compromised
If you want to know whether criminals accessed your data during a Comcast data breach, check your files for breach notification letters from Comcast and FBCS.
Following the 2023 Comcast breach, the company sent a notice to affected customers via email after publicly disclosing the event. The message included details about what information criminals accessed and what Comcast was doing to reduce customer risks, including password resets and other recommendations.
During the second breach, FBCS informed Comcast that criminals had accessed its customers’ information in the February 14th, 2024 attack. Following the incident, Comcast sent a data breach notice to its customers explaining that criminals illegally accessed the accounts in a ransomware attack and offering advice on what customers should do to protect themselves.
If you received one of these letters, your data was almost certainly exposed in the breach. Even if a letter never came, you could still be at risk. Take these steps to safeguard yourself:
- Sign in to your Xfinity account: Log in to your account and scan it for any odd notifications.
- Watch your financial accounts: Review your bank account and credit card bills for unauthorized transactions.
- Review past correspondence: Be thorough as you check your inbox for anything out of the ordinary, and search your spam folder for breach notices about the Comcast data breach as well.
- Consider identity protection services: ID theft protection can’t stop identity theft, but these services are helpful if it happens. Use them to set up fraud alerts, freeze your credit, contact banks and creditors, and cover losses caused by fraud.
Comcast’s response: security solutions and criticism
What Comcast did after each breach
After both breaches, Comcast and FBCS made an effort to improve their security, but their actions still left many customers unhappy.
The December Xfinity breach response included:
- Password resets: Comcast required all Xfinity customers to reset their passwords, regardless of whether their account was directly affected.
- Using two-factor authentication: After the breach, Comcast strongly recommended that each customer turn on 2FA for extra protection.
- Investigations and solutions: The provider partnered with cybersecurity experts to check and remove any backdoors or malware that attackers used to access Xfinity customers’ personal information.
The 2024 FBCS vendor breach response was marked by:
- Delayed updates: Comcast was informed about the breach on March 13th, 2024, nearly a month after the event. Initially, FBCS reported that Comcast customers weren’t part of the breach. FBCS later realized the initial report was wrong and notified Comcast on July 17th, 2024, that the data of Xfinity customers was also involved.
- Third-party investigations and Comcast involvement in notifying customers: The vendor reported their findings to the FBI while working with third-party security specialists. Their investigation confirmed that attackers downloaded customer data. On August 16th, 2024, Comcast began sending letters to their customers. They provided complimentary identity theft protection through CyEx Identity Defense Complete.
Still, these efforts weren’t enough: customers left angry and frustrated comments when they tried to reset passwords, get support, or communicate with Comcast during both incidents.
Why customers were concerned
The communication delays sparked criticism around Comcast’s incident response transparency. On Reddit, users complained about the company’s failure to promptly disclose the breach. One user said, “They could’ve at least been up-front about the reasons when they made that post 2 weeks ago,” referencing the delay between the discovery of the breach and informing the public.
Another Redditor shared that their relative’s Xfinity account was repeatedly compromised, despite using a complex password and multi-factor authentication as instructed.
The Xfinity community forum contained further reports of customers receiving increased spam calls and phishing attempts after the breaches.
Legal impact of the Comcast data breach incidents
Several lawsuits followed the 2023 Xfinity breach
After the 2023 data breach, Comcast faced a series of class action lawsuits, most notably those filed in Pennsylvania and New Jersey. In those cases, the plaintiffs allege that Comcast and Citrix didn’t adequately protect their customers, resulting in the exposure of personal data belonging to 36 million individuals. The Xfinity lawsuit also alleges negligence, breach of contract, and unjust enrichment.
Milberg LLP, one of the firms leading the litigation, is seeking damages and injunctive relief, claiming Comcast had a duty to oversee and verify the integrity of its IT vendors and their affiliates.
The 2024 Comcast breach and new legal actions
Legal scrutiny is growing in the aftermath of the 2024 breach. As more details emerge, ongoing investigations examine how the ransomware attack occurred, whether proper data safeguards were in place, and what role Comcast may have played in handling or mishandling customer information. Although the breach originated at FBCS, it still impacted Comcast customers, which prompts the debate over shared liability.
Legal filings argue that Comcast failed to validate its third-party vendor’s data protection protocols. This raises the questions: Should companies be held accountable for how former vendors manage sensitive data? If yes, to what extent?
Many class action lawsuits are exploring these issues, with plaintiffs citing inadequate vendor oversight and a failure to require secure data retention practices.
Can you join a class action lawsuit?
If you received a data breach notification from Comcast or FBCS, you could be eligible to participate in the Xfinity class action lawsuit. You can determine your eligibility by reviewing past communications from Comcast or FBCS about the data breaches. The letter should specify that the breach compromised your personal information.
If you’re confident that your info was compromised, here’s how you can join an active Xfinity lawsuit:
- Research active lawsuits – Visit reputable legal websites such as ClassAction.org to locate information on current lawsuits related to Comcast.
- Submit your claim – If you are eligible for a lawsuit, you may need to provide documentation of the notifications you received.
- Contact legal counsel – Consider contacting the law firm handling the case, such as Milberg LLP, and get professional advice and assistance.
Joining an Xfinity class action lawsuit is a proactive step in holding companies accountable when a data breach occurs. As an Xfinity customer, there are other ways to secure your account.
What to do if you’re an Xfinity customer

Reset your password and activate 2-step verification
Strengthening your login security is one of the fastest ways to reduce risk. Start by creating a new, strong password. The ideal password uses a mix of uppercase and lowercase letters, numbers, and special characters when possible.
Avoid reusing passwords from other accounts, as they could be compromised without you knowing. Password managers are helpful and allow you to generate and securely store complex credentials. Next, enable two-step verification on your Xfinity account:
- Sign in at xfinity.com.
- Go to Settings > Xfinity ID & Security.
- Choose 2-step verification, then follow the prompts to link your phone or authentication app.
Review your account statements and monitor credit reports
A company starting to respond to a breach doesn’t mean identity fraud can no longer happen. Review your bank and credit card statements regularly for unfamiliar charges. Cybercriminals often first test stolen information with low-value transactions.
Credit reports are another easy way to track suspicious activity. Keep a watchful eye for any new accounts or hard inquiries on your credit report that you don’t recognize. You can access free reports from all major credit bureaus at AnnualCreditReport.com.
Red flags:
- Collection notices for unfamiliar debts
- Missed payments for accounts you don’t recognize
- Unexpected withdrawals or account changes
Report identity theft to the FTC and law enforcement
You must act quickly when the worst occurs or you suspect someone is misusing your personal information. Visit IdentityTheft.gov, the FTC’s official recovery site, for the next steps. Here, you can:
- File a report.
- Create a personalized recovery plan.
- Automatically generate letters and forms to send to creditors.
Next, report the incident to your local law enforcement agency, as many creditors request a police report. This process establishes a formal paper trail and can strengthen your protection. Managing your security after a breach is an ongoing effort. Fortunately, there are more actions you can take to protect yourself.
Enable fraud alerts on your file with the three credit bureaus
Place a free, one-year fraud alert with any major credit bureau. Whether you choose Equifax, Experian, or TransUnion, they will notify the others. This action alerts creditors to verify your identity before opening new accounts in your name.
Consider placing a security freeze on your credit report
A security freeze blocks criminals from accessing your credit file. It also prevents creditors from issuing new lines of credit without your approval. It’s free, doesn’t affect your credit score, and can be lifted anytime.
Smart habits to reduce future breach risks

Limit what you share online
Our world is connected through social media and other online platforms. Being safe means practicing good social hygiene and being cautious about your online activities. Avoid posting sensitive details on social media, such as your birthday, address, or workplace.
Use privacy settings to limit who can see your posts or contact you. Don’t announce your travel plans publicly. This kind of information can help attackers craft phishing messages or answer your security questions. Treat your online presence as part of your security footprint.
Even after a breach, you can make it harder for bad actors to exploit your data.
Delete personal data from broker and people-search sites
Your name, address, and phone number are highly valuable to cyber attackers. They can scrape these details from the public web and use them to make fraud and social engineering attacks more sophisticated and believable.
Removing your data from data brokers and people-search sites, like MyLife, protects your information from scammers. Onerep can help you opt out of these websites effectively. We have automated the process of scanning and removing your information from hundreds of data brokers that expose it on the public web. Once we get it taken down, we will continue monitoring these sites to make sure your data is not republished or discoverable on Google.
Stay alert to phishing and impersonation scams
Cybercriminals are constantly changing tactics and improving their attempts to fool unsuspecting victims. Watch for emails, calls, or texts that ask for login details or personal info, even if they appear to come from a trusted company. Don’t click any links unless you’re sure they are legitimate.
Keep your devices up-to-date
Always install software updates on your phone, computer, and router. The updates often include patches that fix exploitable security flaws, and delaying them could expose you.
FAQs
Was Xfinity hacked in 2023 or 2024?
Yes, Xfinity was impacted by breaches in 2023 and 2024. The 2023 incident involved a Citrix software vulnerability, while the 2024 Xfinity breach came from a ransomware attack on a third-party vendor, FBCS.
What data was exposed in the Comcast breach?
The breaches exposed usernames, hashed passwords, contact information, Social Security numbers, account numbers, and answers to security questions.
Is there a lawsuit over the Xfinity data breach?
Yes, there are multiple class action lawsuits in Pennsylvania, New Jersey, and other jurisdictions.
How can I tell if my Xfinity account was affected?
First, check for an official data breach notification from Comcast or FBCS. You can also log in to your Xfinity account to review any alerts and monitor for unusual activity.
What should I do if my Comcast account was compromised?
First, reset your password and enable two-factor authentication. Then, continue to monitor your financial accounts and consider removing your information from people-search sites.
Mikalai is a Chief Technical Officer at Onerep. With a degree in Computer Science, he headed the developer team that automated the previously manual process of removing personal information from data brokers, making Onerep the industry’s first fully automated tool to bulk-remove unauthorized profiles from the internet.