Xfinity data breach, Comcast hack affects nearly 36 million customers: What to know

A data breach at Xfinity has given hackers access to the personal information of nearly all of the company's customers.

Comcast, the parent company of Xfinity, sent a notice to customers Monday saying there was "unauthorized access to its internal systems" as a result of a vulnerability in software from cloud computing company Citrix, which is used by Xfinity.

Xfinity said it began notifying customers of the data breach Monday through a variety of channels, including the Xfinity website, email and news media.

The company said the unauthorized users had access to its internal systems between Oct. 16-19 and they discovered the "suspicious activity" during a routine cybersecurity exercise on Oct. 25.

Xfinity says it notified federal law enforcement and initiated an investigation "into the nature and scope of the incident." The company said they determined on Nov. 16 that information was likely acquired.

More tech news:Disney to purchase remaining stake in Hulu for at least $8.61 billion, companies announce

What information was acquired in the Xfinity data breach?

Xfinity said it concluded on Dec. 6 the information acquired by hackers included usernames and hashed passwords, and for some customers, other information may have also been included, such as names, contact information, last four digits of Social Security numbers, dates of birth and/or secret questions and answers.

How many Xfinity customers are affected?

Comcast said in a filing with the Maine attorney general's office that the hack affected 35.8 million people.

The company has more than 32 million broadband customers, according to its most recent earnings report.

What should Xfinity customers do?

Xfinity is requiring customers to reset their passwords to protect affected accounts. Additionally, the company "strongly recommends" that customers enable two-factor or multi-factor authentication to secure their account.

"While Xfinity advises customers not to re-use passwords across multiple accounts, the company is recommending that customers change passwords for other accounts for which they use the same username and password or security question," the company said in a note to its customers.

For more information, customers can call Xfinity's call center at 888-799-2560 toll-free for 24 hours a day, seven days a week.

More information is also available online at www.xfinity.com/dataincident.