Xfinity by Comcast reports a data breach following a cyberattack that took use of the CitrixBleed vulnerability. By taking use of this vulnerability, threat actors were able to take over active authenticated connections and get around multifactor authentication and other stringent authentication regulations. The security company Mandiant saw threat actors taking control of sessions in which the threat actor used session data that had been taken prior to the patch being deployed. The business discovered that hashed passwords and usernames are among the different client data that is exposed.

Boeing Investigates Cyber Incident Following LockBit Ransomware Threat Boeing confirmed on November 1 an ongoing investigation into a cyber incident affecting its parts and distribution business, part of its Global Services division. The disclosure follows a claim by the LockBit ransomware gang, which alleged on October 27 that it had stolen a "tremendous amount" of sensitive data from the aerospace giant and threatened to leak it unless a ransom was paid by November 2. The threat was removed from LockBit’s website by November 1, though the group has not commented further. Boeing stated the incident does not impact flight safety and is cooperating with law enforcement and regulatory authorities while notifying customers and suppliers. Some webpages related to its Global Services division were temporarily inaccessible due to technical issues. The company has not confirmed whether LockBit is responsible for the breach. LockBit, identified by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as the most active ransomware group in 2022, has targeted over 1,700 U.S. organizations since 2020. The group typically encrypts victim systems and exfiltrates data for extortion. Cybersecurity experts note that even if ransoms are paid, there is no guarantee stolen data will not be leaked. Boeing has not disclosed whether defense-related data was compromised, though experts warn such a breach could pose significant risks. CISA has not commented on the incident.

Comcast Nears $117.5M Settlement Over 2023 Data Breach Affecting 30M Customers A federal judge in Pennsylvania’s Eastern District has granted preliminary approval for a $117.5 million settlement in a class-action lawsuit against Comcast, stemming from a 2023 cyber intrusion that potentially exposed sensitive data of over 30 million current and former customers. If finalized, the agreement would resolve two dozen lawsuits filed against the telecommunications giant. Affected customers would receive one of two remedies: - Three years of financial monitoring and identity theft protection, or - A choice between reimbursement for documented losses up to $10,000 or a $50 cash payment. The settlement structure allows for proof-based compensation for those who can demonstrate harm, while others may opt for a flat payout. Comcast, while not opposing the settlement, has denied liability for the breach, disputing the plaintiffs’ claims in court filings. The company has not commented publicly on the matter. The final court review will determine whether the agreement is approved.

The names, home addresses, phone numbers, and email addresses of 1000 employees of the biggest aerospace and defense contractor in the United States were accidentally disclosed by Boeing. More than 6,000 Boeing employees, including senior executives, program managers, and government relations staff, had substantial personal information exposed in publicly accessible files held by the digital consultant IMGE. Although the names of some of the files suggest they were made around the beginning of 2018, it is unknown how long they were available to the general public. A firm representative said that the information was made public due to human error on the part of the website's vendor.

The ransomware organisation LockBit released data purportedly taken from the massive aerospace company Boeing. The group says it has taken a tonne of confidential information from the business and threatens to release it if Boeing doesn't get in touch with them by the first deadline. The business stated that while it has acknowledged that a cyberattack affected its services segment, the inquiry is still underway. After analysing the leaked data, Bleeping Computer concluded that the majority of the data that was made public were system backups.

After an unintentional data leak, Boeing, the massive aerospace company, notified 36,000 workers, an employee of the company accidentally sent his spouse, who was not employed by the company, an email containing a spreadsheet that contained the personal information of his coworkers. The individual transmitted a file that included the names, birthplaces, BEMSIDs bespoke employee ID numbers, accounting department codes, and other sensitive personally identifiable information of 36,000 Boeing workers. Olson claims that hidden columns in the spreadsheet held dates of birth and social security numbers. The organisation intends to impose more restrictions on sensitive information and mandate more training for staff members on handling sensitive data in order to prevent future occurrences of this kind.

The California Office of the Attorney General reported a data breach involving The Boeing Company on February 8, 2017. The breach occurred on November 21, 2016, when an employee sent an email containing sensitive personal information of other employees to his non-Boeing spouse. The information included names, social security numbers, and dates of birth, with the number of affected individuals currently unknown.