It wouldn’t be a new year without there being a new effort to steal customer data. Back in October, the network hardware provider Citrix disclosed a high-severity vulnerability to its corporate users, but Comcast/Xfinity waited over a week to implement a patch to address the vulnerability. As a result, hackers stole more than 35 million usernames and passwords as well as personally identifying information (PII) like the last 4 digits of Social Security Numbers from Xfinity clients.
“Citrix Bleed,” as the hack has been dubbed, has been described as “one of the year’s most severe and widely exploited,” with a severity level of 9.4 out of 10. Other high-profile companies from Boeing and Toyota to Bank of China and law firm Allen & Overy have also been affected.
If you have been a part of this (or another data breach), there are some steps you can take to mitigate any damage done:
- Monitor your credit. Set up an account at www.freecreditreport.com to check for any suspicious activity and check in periodically. If you get an alert that your credit has dropped substantially, multiple accounts have been opened in your name, or other activities you didn’t approve, contact the credit agencies immediately.
- Clear your cache. Saving usernames and passwords is convenient, but once compromised, you should delete all these cookies and history.
- Change your passwords. All of them. Of course, Comcast is asking all its Xfinity clients to change their passwords (and use multi-factor authentication when possible) but once there’s a breach in one place, it’s good practice to update all your passwords (especially if you’ve been using the same password on multiple sites—which you should avoid).
Even if you haven’t been affected by this specific hack, the new year is a great time to step up your online security practices.
- Build a wall. Consider installing a software firewall on your computer or using a hardware firewall to bolster the protection that comes with your broadband router.
- Patch, patch, patch. If you get a pop-up that any software or operating systems needs to be updated or patched, don’t wait. Stop what you’re doing and start the update.
- Back up and restart. Back up your system regularly and save your work and shut your computer down nightly. An “on” machine is a vulnerable machine.
- Beef up your passwords. “Password123” is soooo 2023. Choose complex passwords that use letters, numbers, and symbols, and set reminders on your calendar to change passwords regularly.
- Use two-factor authentication. Yes, it’s a pain, but even with the best passwords, hackers have a good shot at cracking the code. Requiring a quick text or email adds another layer of defense.
Hackers are getting more and more resourceful with each passing year and they’re ready and able to take advantage of any vulnerability that pops up. The companies—banks, cell phone providers, and even your cable company—are vulnerable to the same breaches and when successful, these hacks can have devastating (and far-reaching consequences). While you can’t control how they fight cyberattacks, you can do your part by beefing up your own security.