Basically this data included customer details on 36 million customers, and Xfinity only has 32 million active customers...
They've already admitted it includes all plaintext customer details (names, address, last 4 SSN, etc.), and their password hashes, but no info on what hashing function was used to make them, or if they were salted.
This is just what they've admitted. Who wants to place bets on whether they also got all the customer data that shouldn't be legal to collect, but is e.g. browsing habits, traffic analysis, user/household metadata?