Comcast Xfinity Data Breach Lawsuit
- The Fee Is Free Unless You Win®.
- America's Largest Injury Law Firm™
- Protecting Families Since 1988
- 20 Billion+ Won
- 1,000+ Lawyers Nationwide
Free Case Evaluation
The attorneys featured above are licensed in Florida. For a full list of attorneys in your state please visit our attorney page.
Comcast Xfinity Data Breach Lawsuit
On Monday, December 18, 2023, Comcast Cable Communications, also known as Xfinity, announced hackers had accessed its customers' personal information by exploiting a vulnerability in software used by one of its software providers, Citrix Systems, Inc. (Citrix.) Citrix announced the vulnerability on October 10, 2023, and released a patch to its customers to fix the issue. However, during a routine cybersecurity exercise on October 25, Xfinity discovered suspicious activity and subsequently determined between October 16 and October 19, 2023, there was unauthorized access to some of Xfinity's internal systems.
On November 16, 2023, after an investigation into the breach, it determined that third-party hackers likely acquired the information of nearly 36 million Xfinity customers. After additional review of the affected systems and data, the cable company concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords, and for some customers, other personal information may have been accessed. Unfortunately, this is not the first time Citrix Systems has had its software hacked. Since August 2023, hackers have used the Citrix vulnerability, also known as the "Citrix Bleed" to access the personal information of thousands.
If you or someone you know has been affected by the Xfinity / Citrix data breach, don't wait. Contact our data breach attorneys today to learn more about how we may be able to help you by completing our free, no-risk case evaluation form.
How it works
It's easy to get started.
The Fee Is Freeâ„¢. Only pay if we win.
Results may vary depending on your particular facts and legal circumstances.
Step 1
Submit
your claimWith a free case evaluation, submitting your case is easy with Morgan & Morgan.
Step 2
We take
actionOur dedicated team gets to work investigating your claim.
Step 3
We fight
for youIf we take on the case, our team fights to get you the results you deserve.
Client success
stories that inspire and drive change
Explore over 55,000 5-star reviews and 800 client testimonials to discover why people trust Morgan & Morgan.
Results may vary depending on your particular facts and legal circumstances. Based on Select nationwide reviews
FAQ
Get answers to commonly asked questions about our legal services and learn how we may assist you with your case.
Who Was Affected by the Xfinity Data Breach?
According to a report filed to Maine's attorney general, the breach has impacted 35,879,455 individuals with Xfinity accounts. The Citrix vulnerability, also known as the "Citrix Bleed," has also been linked to hacks targeting the Industrial and Commercial Bank of China's New York arm and a Boeing subsidiary, among others. For more information about who has been affected by the Citrix Bleed or if you believe you are one of the 35 million affected, we may be able to help you. Learn more today by contacting a Morgan & Morgan data breach attorney today.
What is Citrix?
Citrix Systems, Inc. is a multinational cloud computing and virtualization technology company used by thousands of companies worldwide. Citrix provides its users with servers, applications, and desktop virtualization, networking, software as a service, and cloud computing technologies. While Citrix released its data breach notice on October 10, 2023, to what is now known as the "Citrix Bleed," according to cybersecurity company Mandiant, the zero-day exploitation of this vulnerability began in late August 2023.
What Information Was Accessed in the Breach?
As listed in the incident report, on December 6, 2023, Xfinity concluded the following customer information was accessed due to the breach.
- Names
- Contact information
- Dates of birth
- Usernames
- Hashed passwords
- Social security number
- Secret questions and answers
Customers who have specifically had their personal information outside of just their username and password will receive notice, including what specific information was accessed. Until then, all Xfinity customers are asked to monitor their accounts out of precaution.
What Remedies Are Xfinity Offering to Their Customers?
To help customers protect their accounts, Xfinity is asking that its customers reset their passwords the next time they log in. The company also strongly encourages its customers to enroll in two-factor or multi-factor authentication. Xfinity is also warning customers about the risks of using the same password across multiple accounts, as it may increase their risk factor. "While we advise customers not to re-use passwords across multiple accounts if you do use the same information elsewhere, we recommend that you change the information on those other accounts, as well."
Xfinity is also offering its customers with additional questions access to its IDX, Xfinity's incident response provider managing customer notifications and call center support. Customers can contact IDX at 888-799-2560, toll-free 24 hours a day, seven days a week.
Protecting Yourself After a Data Breach
Affected individuals also have the option to monitor their own credit using free online credit reporting tools provided by credit unions like Equifax, Experian, and Transunion, who offer one free credit check a year. For more frequent credit monitoring, Credit Karma allows their users daily access and alerts in case anyone fraudulently uses your details to obtain credit cards or loans, free of cost.
Those who do find fraudulent activity on their accounts can contact the Federal Trade Commission (FTC), your state's Attorney General's office, or law enforcement to report incidents of identity theft, as well as contact any of the previously listed credit reported companies to request a "Security Freeze" on their credit file, at no charge. Under the Fair Credit Reporting Act, victims have the right to be told if information in their credit file has been used against them, the right to know what is in their credit file, the right to ask for their credit score, and the right to dispute incomplete or inaccurate information.
To learn more information on what steps you can take to protect yourself from identity theft, visit the FTC's websites at www.identitytheft.gov. For more information on the Xfinity / Citrix data breach, affected individuals can contact an attorney.
Compensation for a Data Breach Case
Victims who file a lawsuit against the company liable for their information being stolen are eligible to recover compensation for emotional distress, damage to their credit, unauthorized charges to their accounts, the cost of credit repair or monitoring, time and expense with the investigation, and more. For an accurate representation of what you may be eligible to recover in a data breach lawsuit, contact a Morgan & Morgan data breach attorney today.
How Can a Morgan & Morgan Data Breach Attorney Help?
If you were affected by the Xfinity / Citrix data breach, don't wait to contact an attorney. After your information is compromised due to a data breach, it is essential you know what may be at risk. Speaking with a Morgan & Morgan attorney can help you understand what your legal options are and increase your chances of recovering the compensation you and your loved ones deserve after third-party hackers have stolen your private information. For more information on how a Morgan & Morgan data breach attorney can help, contact us today by completing our free, no-obligation case evaluation form. See why millions trust us.
More Like This
types we may be able to assist with, visit our Practice Areas page.
