U.S. cable giant Comcast said private information on 237,703 customers — including Social Security numbers — was accessed by an “unauthorized third party” earlier this year.
Comcast disclosed the security breach in a filing with the Maine attorney general’s office on Oct. 3, as reported earlier by tech news site Bleeping Computer. The incident, which occurred in February 2024, involved unauthorized access of systems operated by Financial Business and Consumer Solutions, a third-party service provider previously used by Comcast. Comcast, in a notice to customers also submitted to the Maine AG’s office, said, the security incident “occurred entirely at FBCS and not at Xfinity or on Comcast systems.”
FBCS’s investigation discovered that files downloaded by the hacker or hackers included Comcast customers’ name, address, Social Security number, date of birth, and Comcast account number and ID numbers used internally at FBCS, according to Comcast’s notice.
On March 13, 2024, FBCS notified Comcast that it had experienced a data breach incident but said that Comcast consumer data was “not impacted,” according to the cable company. But July 17, FBCS notified Comcast that from Feb. 14-26, 2024, an “unauthorized party gained access to FBCS’s computer network and some of its computers” and accessed Comcast customer data dating from around 2021. FBCS also notified the FBI of this attack, according to the Comcast customer notice.
According to Comcast, it is offering affected customers complimentary identity-theft protection services for at least 12 months through membership in CyEx Identity Defense Complete, which includes credit-monitoring services.
Comcast also said that in addition to enrolling in identify-theft protection services it encourages customers “to remain vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity.”
Separately, on Monday (Oct. 7), Comcast Business released its 2024 Cybersecurity Threat Report, based on the analysis of 29 billion cybersecurity events detected by Comcast Business across its security customers in 2023. The report “highlights significant changes in the cybersecurity landscape, driven by sophisticated threat actors, an expanding attack surface and the transformative power of AI,” according to the company.
Source Agencies
