Comcast—Xfinity disclosed breach exposing personal data of 35.8 million customers via Citrix Bleed vulnerability

Dec 18, 2023

On December 18, 2023 Comcast's Xfinity broadband unit disclosed a data breach affecting approximately 35.8 million customers, in which attackers exploited the CVE-2023-4966 'Citrix Bleed' vulnerability between October 16-19, 2023. Exposed data included usernames, hashed passwords, partial Social Security numbers, dates of birth, contact information and secret questions/answers. Xfinity disclosed only after a 2-month delay, exposing affected customers to credential-stuffing risk during the gap.

Scoring Impact

Topic	Direction	Relevance	Contribution
Corporate Transparency	-against	secondary	-0.50
Data Security	-against	primary	-1.00
User Privacy	-against	primary	-1.00
Overall incident score =			-0.357

Score = avg(topic contributions) × significance (high ×1.5) × confidence (0.57)× agency (negligent ×0.5)

Evidence (1 signal)

Confirms Statement Dec 18, 2023 documented

Comcast Xfinity confirmed 35.8M customers affected by Citrix Bleed breach

TechCrunch reported Comcast Xfinity's December 18, 2023 disclosure that approximately 35.8 million customers had personal data exposed via the Citrix Bleed (CVE-2023-4966) vulnerability between October 16-19, 2023, disclosed only two months after discovery.

TechCrunch

Related: Same Topics

Mira Murati · Gave evasive and contradictory answers about Sora AI video model's training data sources

Mar 13, 2024

Koa Health · Koa Health published third-party ethics audit showing 24% improvement and perfect bias reduction scores

Jun 1, 2023

Wysa · Wysa found sharing user data with Facebook in 2021 Consumer Reports investigation

Mar 1, 2021

Proton AG · Proton restructured ownership under Swiss nonprofit Proton Foundation to protect privacy mission

Apr 1, 2024

GitLab · GitLab published comprehensive open source stewardship policy with public handbook and development

Jan 1, 2022