Jessica Mathews / news@whmi.com

Michigan Attorney General Dana Nessel is alerting consumers to a “massive data breach” affecting customers of Comcast/Xfinity nationwide.

Comcast, the parent company of Xfinity, disclosed on December 18th that personal information of Xfinity customers was maliciously accessed in October of this year. Comcast says it is notifying customers via the Xfinity website, email, and by alerting news media.

Nessel said she wants those whose information may have been compromised in the recent Comcast/Xfinity data breach to know what steps they can take to protect their data from scammers and identity thieves.

Nessel advises all affected customers to change their passwords immediately, on their Xfinity accounts but also any other accounts for which they use the same or similar login credentials or security questions.

Comcast contends that hackers exploited a vulnerability in software provided by Citrix, one of their software providers, and gained access to usernames, passwords, and for some customers other information such as names, contact information, the last four digits of their social security numbers, birthdates, or security questions and answers. Comcast asserts over 35 million Xfinity customers were affected by the breach.

This week, Xfinity began requiring customers to reset their passwords. Xfinity customers with questions are directed by the company to call 888-799-2560.

Michigan law does not require companies to notify the Attorney General’s office of data breaches, and the number of affected Michigan consumers is unknown.