Comcast’s Xfinity said on Monday there was unauthorized access to its internal systems between Oct. 16 and Oct. 19.
Xfinity, which provides video, broadband and phone services, said it had notified federal law enforcement and started an investigation.
The unauthorized access led to customer information that was “likely acquired”, including usernames, hashed passwords, contact details and last four digits of social security numbers, the company said.
The data breach was due to a Citrix software vulnerability, the company said, adding that the software-related risk was now resolved.
Data analysis for the breach, first detected on Oct. 25 during a routine cybersecurity exercise, is still ongoing. Reuters