Three days after Xfinity reported a data breach affecting 36 million users, Citrix Systems Inc. is now facing a class-action lawsuit for failing to prevent the breach. Comcast revealed the extent of the breach, which occurred between October 16 and 19, in a notice to the Maine Attorney General. The hackers gained unauthorized access to internal systems, exposing user information including usernames, passwords, contact information, Social Security numbers, dates of birth, and security questions and answers.
Customers are advised to change their passwords, set up two-factor authentication, and change passwords for other accounts with the same login information. Citrix, the service provider for the Xfinity website, is named as a defendant in the class-action lawsuit for not adequately protecting sensitive information. The lawsuit alleges that Citrix knew about the vulnerability in a software product called “Citrix Bleed” and failed to prevent the breach.
The lawsuit seeks compensatory and consequential damages from Citrix on behalf of the affected users. Hackers have been exploiting the Citrix Bleed vulnerability since August, enabling them to bypass password requirements and multi-factor authentication to hijack user sessions. This vulnerability has been linked to ransomware and malware attacks against other companies.
News of the breach comes a year after another security incident at Comcast where customers’ accounts were taken over by hackers who bypassed two-factor authentication and changed passwords. The lawsuit against Citrix highlights the ongoing risks and consequences of data breaches for individuals, including invasion of privacy and financial losses.
Citrix has not commented on the pending litigation, while Comcast did not respond to inquiries about the breach. ClassAction.org has launched an investigation that may lead to a class-action lawsuit against Comcast. Users affected by the breach are encouraged to contact legal firms for further information and potential recourse. The breach underscores the importance of robust cybersecurity measures to protect sensitive information from unauthorized access.
Article Source
https://techxplore.com/news/2023-12-citrix-sued-xfinity-breach-exposed.html