I received this email from Comcast/Xfinity today. Am I reading this right that the patch was released on 10 October 2023, and Comcast did not act until 23 October?
============
Xfinity Data Security Incident
Notice of Data Security Incident
We are notifying you of a recent data security incident involving your personal information. This notice explains the incident, steps Xfinity has taken to address it, and guidance on what you can do to protect your personal information.
What Happened? On October 10, 2023, one of Xfinity’s software providers, Citrix, announced a vulnerability in one of its products used by Xfinity and thousands of other companies worldwide. At the time Citrix made this announcement, it released a patch to fix the vulnerability. Citrix issued additional mitigation guidance on October 23, 2023. We promptly patched and mitigated our systems.
However, we subsequently discovered that prior to mitigation, between October 16 and October 19, 2023, there was unauthorized access to some of our internal systems that we concluded was a result of this vulnerability. We notified federal law enforcement and conducted an investigation into the nature and scope of the incident. On November 16, 2023, it was determined that information was likely acquired.
What Information Was Involved? On December 6, 2023, we concluded that the information included usernames and hashed passwords; for some customers, other information was also included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, our data analysis is continuing, and we will provide additional notices as appropriate.
What We Are Doing. To protect your account, we have proactively asked you to reset your password. The next time you log in to your Xfinity account, you will be prompted to change your password, if you haven’t been asked to do so already.
What You Can Do. We strongly encourage you to enroll in two-factor or multi-factor authentication. While we advise customers not to re-use passwords across multiple accounts, if you do use the same information elsewhere, we recommend that you change the information on those other accounts, as well. You can review the “Additional Information” section below for information on how you can further protect your personal information.
More Information. If you have additional questions, please contact IDX, Xfinity’s incident response provider managing customer notifications and call center support, at 888-799-2560 toll-free, 24 hours a day, 7 days a week. More information is available on the Xfinity website at www.xfinity.com/dataincident.
We know that you trust Xfinity to protect your information, and we can’t emphasize enough how seriously we are taking this matter. We remain committed to continue investing in technology, protocols and experts dedicated to helping to protect your data and keeping you, our customer, safe.
I don't ragchew - but the newer digital modes are great for seeing how far your signal can reach. And sites like PSK Reporter are great for having passive validation of how far your signal actually goes, without even having to make a two-way contact.
If I have the right 'Abbyy', I'm surprised that I don't see any information about this data release on their website. Or, maybe not. Are there disclosure laws that one would expect to come into play here?
I cringe every time I see "UPS SmartPost" as shipping method, which uses USPS for delivery. Package literally comes within a couple miles of my house, then continues hundreds of miles to another state for sorting and another 2-3 days of postal tourism.
+1 on requesting shipment methods on Amazon for extra fee.