Telecom giant Xfinity recently informed customers of a data breach exposing personal information of nearly 36 million customers. Users’ names, contacts, secret questions and answers, and the last four digits of Social Security numbers were potentially captured – all of which can be exploited in identity theft. In response, parent company Comcast told customers to change their passwords and establish “two-factor or multi-factor authentication,” which requires online users to use at least two ways to identify themselves before they can enter a website. Comcast further advised customers who used the same password for Xfinity and for other, unrelated accounts, to change the password on their other accounts, as well. The breach occurred between October 16 and October 19 and affected 35,879,455 people, according to Comcast’s regulatory filing with the state of Maine’s attorney general. It was discovered on December 6, according to company officials who cited a vulnerability in software supplied by Citrix, a technology firm that supports Comcast’s website. “You’ll get an alert if we detect possible fraudulent use of your information or find it on the dark web,” Comcast informed customers in an email. “If you become a victim of ID theft, we work to fix it,” adding: “We have your back.” The breach has sparked multiple class action lawsuits aimed at Comcast and Citrix. One of the lawsuits complains that Comcast failed to protect people’s personal data, and another faults the company for leaving customers unaware that their private information was at risk for exposure.