LETTER: Gallego Demands Answers for Arizonans Impacted by Xfinity Data Breach
65,000 Xfinity customers in Arizona potentially impacted by breach
PHOENIX, AZ - Rep. Ruben Gallego (AZ-03) sent a letter to Social Security Administration (SSA) Commissioner Martin O’Malley and Federal Trade Commission (FTC) Chair Lina Khan seeking answers related to the recent Xfinity data breach that left the Social Security numbers of 35 million Americans - and potentially 65,000 Arizonans - vulnerable to exposure. In addition, he asked the FTC to recommend any further legislative actions that would ensure consumers are better protected.
Rep. Gallego writes, “While Xfinity does not believe that customer data has been leaked, the data breach enabled hackers to access the usernames and passwords of many customers, as well as names, contact information, dates of birth, secret authentication questions and importantly, the last four digits of Social Security numbers. Hackers are easily able to discern the first five digits, as they relate to where Social Security beneficiaries live and where their card was issued. This alarming breach leaves millions of Americans vulnerable.”
To ensure Arizonans receive all the information related to the potential breach of their data, Rep. Gallego demanded answers to the following questions:
- Was the FTC aware of this breach when it initially occurred?
- Was Xfinity in compliance with existing privacy laws when waiting to notify their customers?
- What steps is the government taking to ensure that cybersecurity best practices are adhered to by third-party vendors and their subcontractors?
- Can you please detail what steps you have taken to work with Xfinity to address this situation?
- How many Social Security beneficiaries had their data accessed by hackers?
- Does the FTC need additional statutory authority to ensure consumer protection and improve providers’ ability to protect consumers’ sensitive data?
On October 25, Xfinity became aware of suspicious activity. On December 6, the company concluded sensitive information for more than 35 million customers had been likely acquired. The information includes usernames and passwords, the last four digits of Social Security numbers, account security questions, birthdates, and contact information.
In addition to his letter to SSA and FTC leaders, Rep. Gallego has requested information from both Xfinity and its software provider Citrix to gather all relevant facts pertaining to the hack.