Customers warned to take action following Comcast, Xfinity data breach

By: Brendan Losinski | Metro | Published December 21, 2023

Shutterstock image


METRO DETROIT/LANSING — The office of the Michigan Attorney General is alerting Michigan consumers to a massive data breach affecting customers of Comcast/Xfinity nationwide.

Comcast, the parent company of Xfinity, disclosed on Dec. 18 that personal information of Xfinity customers was maliciously accessed in October of this year. Comcast contends that hackers exploited a vulnerability in software provided by Citrix, one of their software providers, and gained access to usernames, passwords, and — for some customers — other information such as names, contact information, the last four digits of their social security numbers, birthdates, or security questions and answers. Comcast asserts over 35 million Xfinity customers were affected by the breach.

“I would advise all affected customers to change their passwords immediately, on their Xfinity accounts but also any other accounts for which they use the same or similar login credentials or security questions,” Attorney General Dana Nessel said in a press release. “My department’s website has tips for those who may be affected, and my consumer protection team stands ready to help any Michigan residents who might experience identity theft as a result of this breach.”  

Comcast says it is notifying customers via the Xfinity website, email, and by alerting news media. On Dec. 18, Xfinity began requiring customers to reset their passwords. Xfinity customers with questions are directed by the company to call (888) 799-2560. Nessel said that Michigan law does not require companies to notify the Attorney General’s office of data breaches, and the number of affected Michigan consumers is unknown.  

The Attorney General’s Office said that consumers can take steps to lower their risk factors during a data breach by taking several actions. This includes watching out for phishing emails seeking personal information or containing personal information, changing passwords, not retaining unnecessary data or files, using multi-factor authentication on devices and accounts; and reviewing credit reports frequently

Those seeking to file a complaint with the Attorney General or get additional information can contact the office’s Consumer Protection Team at (517) 335-7599.