Comcast's Xfinity says there was unauthorized access to its internal systems between Oct. 16 and Oct. 19.
Comcast told TechCrunch that Xfinity, which provides video, broadband and phone services, had been exploited by hackers through a critical-rated security vulnerability and accessed the sensitive information of almost 36 million customers.
The companhy said it had notified federal law enforcement and started an investigation.
The unauthorized access led to customer information that was "likely acquired," including usernames, hashed passwords, contact details and last four digits of social security numbers, the company said.
The company said the software-related risk has been resolved.
Data analysis for the breach, first detected on Oct. 25 during a routine cybersecurity exercise, is still ongoing.
© 2025 Thomson/Reuters. All rights reserved.