
Welcome to Comcast. From the connectivity and platforms we provide to the content and experiences we create, we bring people together, globally. Our people think the world of our work, and that’s why our work is the best in the world.

Comcast A.I CyberSecurity Scoring

Comcast

Company Details

LinkedIn ID: comcast
Number of employees: 60,212
Number of followers: 706,769
NAICS: 517
Industry Type: Telecommunications
Homepage: https://corporate.comcast.com/
IP Addresses: 819
Company ID: COM_2880559
Scan Status: Completed

Comcast Risk Score (AI oriented): Between 0 and 549

  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums

Comcast Global Score (TPRM): XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Comcast Company CyberSecurity News & History

Past Incidents: 16
Attack Types: 4

Comcast
Breach
Severity: 60
Impact: 3
Seen: 12/2023
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: Xfinity by Comcast reported a data breach following a cyberattack that exploited the CitrixBleed vulnerability. By exploiting this vulnerability, threat actors were able to take over active authenticated sessions and bypass multifactor authentication and other stringent authentication requirements. The security company Mandiant observed threat actors hijacking sessions using session data that had been stolen before the patch was deployed. The company determined that usernames and hashed passwords were among the customer data exposed.

Comcast
Breach
Severity: 85
Impact: 4
Seen: 9/2015
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Comcast, a US company, suffered a data breach incident in September 2015. The breach compromised the personal details of about 75,000 of its customers. The company had offered $100 to the affected customers and $25 million to the state agencies as compensation.

Comcast Cable Communications LLC
Breach
Severity: 85
Impact: 4
Seen: 10/2023
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: The Maine Office of the Attorney General reported a data breach involving Comcast Cable Communications LLC, which occurred from October 16 to October 19, 2023, due to unauthorized access following a vulnerability in a software product used by Xfinity's provider, Citrix. The breach affected approximately 35,879,455 individuals, potentially exposing usernames, hashed passwords, names, contact information, last four digits of social security numbers, dates of birth, and secret questions and answers. The breach was discovered on December 6, 2023, and notifications were sent on December 18, 2023.

Comcast
Breach
Severity: 85
Impact: 4
Seen: 11/2025
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Comcast, a major telecommunications conglomerate, faced a regulatory penalty of **$1.5 million** imposed by the **Federal Communications Commission (FCC)** due to a **data breach** that exposed the personal information of **237,000 customers**. The incident stemmed from inadequate vendor oversight, leading to unauthorized access to sensitive customer data, including names, addresses, phone numbers, and potentially financial details. The FCC settlement requires Comcast to implement stricter **third-party risk management protocols**, enhance **data protection measures**, and conduct regular audits to prevent future breaches. While the financial penalty is significant, the reputational damage and erosion of customer trust pose long-term risks. The breach did not result in confirmed identity theft or fraudulent transactions tied directly to the exposed data, but the scale of affected individuals and regulatory scrutiny underscore the severity of the lapses in cybersecurity governance. The incident highlights the growing regulatory focus on **vendor-related security failures** in safeguarding consumer privacy.

Comcast Corporation
Breach
Severity: 85
Impact: 4
Seen: 6/2024
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Comcast Corporation faced a severe data breach in 2024 due to a cyberattack on its former vendor, **Financial Business and Consumer Solutions (FBCS)**, a debt collection agency. Unauthorized actors gained access to FBCS’s network, exfiltrating and encrypting sensitive personal data of **237,000 current and former Comcast customers**, including **names, addresses, Social Security numbers, dates of birth, and Comcast account identifiers**. The breach exposed victims to high risks of **identity theft and financial fraud**, compounded by FBCS’s bankruptcy filing shortly before disclosure. The **FCC imposed a $1.5 million fine** on Comcast, which, while not admitting liability, agreed to enhance **vendor oversight, privacy protections, and cybersecurity measures**. Affected customers received **12 months of free credit monitoring and identity theft protection**, alongside advisories to enable **two-factor authentication** and monitor financial accounts. The incident underscores critical vulnerabilities in third-party vendor security and the cascading risks of inadequate data protection protocols.

Comcast Corporation
Breach
Severity: 85
Impact: 4
Seen: 8/2024
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Comcast Corporation (NASDAQ:CMCSA) faced a **$1.5 million fine** from the **Federal Communications Commission (FCC)** after its vendor, **Financial Business and Consumer Solutions (FBCS)**, exposed the **personal data of ~237,000 current and former customers** using Comcast’s internet, TV, and home security services. The breach occurred in **August 2024**, but FBCS filed for bankruptcy before disclosing it. The exposed data included customer information linked to Comcast’s services, though specifics (e.g., financial details, exact PII types) were not detailed. The FCC mandated a **new compliance plan** with stricter **vendor oversight and privacy safeguards**. While Comcast reported strong Q3 earnings ($31.2B revenue, beating estimates), the breach added regulatory pressure amid broader scrutiny, including political tensions with President Trump over NBC’s content. The stock declined **29.29% YTD** and dropped **3.25% on the day** of the announcement, reflecting investor concerns over reputational and compliance risks.

Comcast
Breach
Severity: 85
Impact: 4
Seen: 2/2024
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Comcast experienced a significant **data breach in February 2024** caused by a **third-party vendor’s cybersecurity failures**, exposing the **personal information of nearly 275,000 customers**, including names, addresses, and account details. The breach stemmed from **inadequate security measures** by the vendor, leading to unauthorized access and severe privacy risks. The incident triggered an **FCC investigation**, resulting in a **$1.5 million fine** and **reputational damage**, as customers questioned Comcast’s ability to protect their data. The case highlights critical gaps in **vendor oversight** and underscores the financial, regulatory, and trust-related consequences of third-party security lapses. While Comcast settled the probe, the breach serves as a warning for organizations to enforce **stricter vendor audits, continuous monitoring, and clear contractual cybersecurity obligations** to prevent similar incidents.

Comcast (CMCSA)
Breach
Severity: 85
Impact: 4
Seen: 6/2022
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Comcast, a major entertainment and telecommunications conglomerate, faced regulatory and financial repercussions after a **third-party vendor data breach** exposed the personal information of approximately **237,000 customers**. The breach occurred at **Financial Business and Consumer Solutions (FBCS)**, a now-bankrupt debt-collection vendor that Comcast had engaged until 2022. The incident, disclosed in **August 2024**, involved customer data from Comcast’s internet, TV, and home security services. While Comcast’s own systems remained uncompromised, the FCC imposed a **$1.5 million fine** and mandated stricter vendor oversight under a new compliance plan. The breach raised concerns over **vendor risk management**, particularly as FBCS had already filed for bankruptcy before the exposure was revealed. Comcast denied liability but committed to enhancing cybersecurity policies to prevent future incidents. The financial and reputational fallout contributed to a **3% stock decline** on the day of the announcement, compounding a **38.75% year-over-year loss** in share value.

Comcast
Breach
Severity: 85
Impact: 4
Seen: 2/2024
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: The data breach at Financial Business and Consumer Solutions (FBCS) impacted approximately 238,000 Comcast customers after a ransomware attack. The incident involved unauthorized access between February 14 and February 26, 2024, where attackers could view or acquire sensitive information. The compromised data included names, Social Security numbers, and account details. While FBCS is not aware of further misuse of the data, Comcast is providing affected individuals with free credit monitoring services for a year.

Comcast
Breach
Severity: 100
Impact: 4
Seen: 11/2015
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: A black market on the dark web was offering about 590,000 Comcast email addresses and passwords for sale. The seller presented a list of 112 accounts as evidence of the reliability of the Comcast data, asking $300 USD for 100,000 accounts and $1,000 USD for the complete list of 590,000 accounts. According to Comcast, which had obtained the list and had been examining the exposed information, approximately 200,000 of the 590,000 records being sold on the illicit market were still active. Comcast's security staff said the company's systems had not been penetrated, and each subscriber who reports unusual behaviour on their account will be contacted individually to address the problem.

Comcast
Data Leak
Severity: 50
Impact: 2
Seen: 05/2018
Rankiteo Explanation
Attack limited on finance or reputation

Description: A bug in the Comcast website used to activate Xfinity exposed sensitive information about the company's customers. The website, used by customers to set up their home internet and cable service, could be tricked into displaying the home address where the router is located, as well as the Wi-Fi name and password. Only a customer account ID and that customer's house or apartment number are needed, even though the web form asks for a full address. That information could be grabbed from a discarded bill or obtained from an email. The bug returns data even if the Xfinity Wi-Fi is already switched on. It's also possible to rename Wi-Fi network names and passwords, temporarily locking users out.

Comcast
Data Leak
Severity: 85
Impact: 4
Seen: 08/2018
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Comcast Xfinity's login page had a bug that allowed anyone to gain access to the partial Social Security Numbers and partial home addresses of over 26.5 million customers. The company patched the bug quickly after being notified of its existence.

Comcast
Ransomware
Severity: 100
Impact: 4
Seen: 6/2020
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Comcast was affected by a data breach at Financial Business and Consumer Solutions (FBCS), a third-party agency providing collection-related services. The breach exposed personal data of approximately 238,000 customers, including names, addresses, Social Security numbers, dates of birth, and Comcast account details. The incident was the result of unauthorized network access and a ransomware attack at FBCS between February 14 and 26, 2024. Comcast ceased working with FBCS in 2020, but due to data retention requirements, FBCS still held Comcast customer data from around 2021. While FBCS has not observed misuse of the compromised data, Comcast offered one year of credit monitoring and identity protection services to impacted individuals.

Comcast Corporation
Ransomware
Severity: 100
Impact: 5
Seen: 6/2015
Rankiteo Explanation
Attack threatening the organization’s existence

Description: The Medusa ransomware group claimed responsibility for a cyberattack on **Comcast Corporation**, a global media and technology conglomerate. The group allegedly exfiltrated **834.4 GB of data**, including actuarial reports, insurance modeling scripts, claim analytics, and customer data processing files (e.g., *Esur_rerating_verification.xlsx*, *Claim Data Specifications.xlsm*, Python/SQL scripts). They demanded **$1.2 million** to either delete the data or prevent its sale/leak, publishing **167,121 file entries** and **20 screenshots** as proof. The breach risks exposing sensitive financial, customer, and operational data, potentially triggering regulatory scrutiny. Comcast has not confirmed the attack, but Medusa’s history (e.g., a **$4M ransom demand on NASCAR** in 2025, later confirmed as a breach) suggests credibility. The leaked data’s scale—spanning insurance, premium analysis, and claims—implies severe operational and reputational damage. Previous incidents (e.g., **200,000 Comcast credentials leaked in 2015**) highlight vulnerabilities in legacy data protection. If validated, the breach could disrupt Comcast’s subsidiaries (NBCUniversal, Sky, Peacock) and erode trust in its cybersecurity posture.

Comcast Corporation
Ransomware
Severity: 100
Impact: 5
Seen: 6/2023
Rankiteo Explanation
Attack threatening the organization's existence

Description: The **Medusa ransomware group** breached **Comcast Corporation**, a global media and technology company, in late September 2025, exfiltrating **834 GB of data**. The group leaked **186.36 GB of compressed data** (expanding to ~834 GB) on October 19, 2025, after Comcast refused to pay a **$1.2 million ransom**. The leaked files included sensitive records such as **Esur_rerating_verification.xlsx**, **Claim Data Specifications.xlsm**, and proprietary **Python/SQL scripts** related to auto premium analysis. The data was split into **47 files (45 x 4 GB + 1 x 2 GB)** and made available for purchase on the dark web. Comcast did not respond to inquiries, leaving the breach unconfirmed but highly credible given Medusa’s track record—including a prior **$4M ransomware attack on NASCAR** in April 2025. The group exploited the **GoAnywhere MFT vulnerability (CVE-2025-10035, CVSS 10.0)** for initial access. This incident follows Comcast’s **2023 Xfinity breach**, where a **Citrix vulnerability** exposed **35.9 million user accounts**. The leaked data’s scale and sensitivity suggest severe operational, financial, and reputational risks for Comcast, with potential regulatory and customer trust repercussions.

Comcast Cable Communications
Vulnerability
Severity: 85
Impact: 4
Seen: 10/2023
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: The Vermont Office of the Attorney General disclosed that Xfinity suffered a data breach stemming from a **vulnerability in Citrix’s software**, enabling unauthorized access between **October 16–19, 2023**. The exposed data included **usernames, hashed passwords, full names, contact details, the last four digits of Social Security numbers, dates of birth, and secret questions/answers**. While the breach did not involve full Social Security numbers or financial data, the compromised credentials and personal identifiers pose significant risks, including **identity theft, phishing attacks, and account takeovers**. The incident was publicly reported on **December 18, 2023**, highlighting delays in detection and disclosure. The breach’s scope suggests potential long-term reputational damage and regulatory scrutiny, particularly given the sensitivity of the leaked information and the scale of Xfinity’s customer base.

Underwriter Stats for Comcast

Incidents vs Telecommunications Industry Average (This Year)

Comcast has 69.49% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Comcast has 56.25% more incidents than the average of all companies with at least one recorded incident.

Incident Types Comcast vs Telecommunications Industry Avg (This Year)

Comcast reported 1 incident this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breach, compared to industry peers with at least 1 incident.

Incident History — Comcast (X = Date, Y = Severity)

Comcast cyber incidents detection timeline including parent company and subsidiaries

Comcast Similar Companies

Globe Telecom

Globe is a leading full-service telecommunications company in the Philippines and publicly listed in the PSE with the stock symbol GLO. The company serves the telecommunications and technology needs of consumers and businesses across an entire suite of products and services including mobile, fixed,

Vivo (Telefônica Brasil)

Vivo (Telefônica Brasil) is part of the Telefónica Group and with more than 94 million customers, of which 75 million mobile and 19 million fixed, we are the largest telecommunications company in Brazil, with nationwide presence and a complete, convergent portfolio of products, combining fixed, mobi

vivo is a technology company that creates great products based on a design-driven value, with smart devices and intelligent services as its core. The company aims to build a bridge between humans and the digital world. Through unique creativity, vivo provides users with an increasingly convenient mo

Telkom Indonesia

PT Telkom Indonesia (Persero) Tbk (Telkom) is a state-owned information and communications technology enterprise and telecommunications network in Indonesia. The Government of Indonesia is the majority shareholder with 52.09 percent shares while the remaining 47.91 percent shares belong to public sh

T-Mobile

T-Mobile US, Inc. (NASDAQ: TMUS) is America’s supercharged Un-carrier, delivering an advanced 4G LTE and transformative nationwide 5G network that will offer reliable connectivity for all. T-Mobile’s customers benefit from its unmatched combination of value and quality, unwavering obsession with off

Telmex

TELMEX, the leading telecommunications and IT services company in Mexico, has made major investments to develop the country's most robust and cutting-edge technology platform, which allows it to offer the widest range of solutions, with the highest standards of quality, security, con

We are driving the digital transition of Italy and Brazil with innovative technologies and services because we want to contribute to accelerating the sustainable growth of the economy and society by bringing value and prosperity to people, companies and institutions. We offer diversified solutions

Telkomsel

Connecting Nation. Accelerating Indonesia's Future. As Indonesia's leading digital telecommunications company, Telkomsel is committed to building a connected, competitive, and future-ready society. For over 29 years, we've empowered individuals, homes, and businesses with innovative connectivity an

Motorola Solutions

About Motorola Solutions | Solving for safer Safety and security are at the heart of everything we do at Motorola Solutions. We build and connect technologies to help protect people, property and places. Our solutions foster the collaboration that’s critical for safer communities, safer schools, sa

Comcast CyberSecurity News

November 12, 2025 02:13 PM
Future-proof your network: Neal Merry of Comcast Business shares strategies to protect against cyber threats

Neal Merry, senior director for Comcast Business, Midwest Region covers the current cybersecurity landscape for businesses, the impact of...

November 10, 2025 04:22 PM
Unlocking the Power of Cybersecurity: Comcast Hosts Cybersecurity Social at the Battery Atlanta

Cybersecurity isn't just a priority, it's a necessity. As digital threats grow more advanced, the need for proactive protection has never...

November 05, 2025 08:00 AM
Comcast Business Hosts Social to Increase Awareness on Cybersecurity Threats and Solutions

Comcast Business hosted a cybersecurity social, showcasing advanced security solutions and providing expert insights on protecting against...

October 28, 2025 07:00 AM
How Comcast Business protects companies from cyberattacks and promotes digital access

“Cybersecurity is no longer just a technology issue — it's a business imperative,” said Noopur Davis, chief information security and product...

October 23, 2025 07:00 AM
Medusa Ransomware Leaks 834 GB of Comcast Data After $1.2M Demand

The Medusa ransomware group has leaked 186.36 GB of compressed data it claimed to have stolen from Comcast Corporation, a global media and...

October 20, 2025 07:00 AM
Comcast Business Expands Partnership with Cisco to Bring Secure Networking Solutions to Millions of Emerging Enterprises

Comcast Business announced the expanded availability of its fully managed secure networking solution built on the Cisco Meraki platform.

October 10, 2025 07:00 AM
Comcast Business Report Warns of Rising AI-Powered Cyber Threats

PHILADELPHIA, PA — Comcast Business has released its 2025 Cybersecurity Threat Report, analyzing 34.6 billion cybersecurity events recorded...

October 09, 2025 07:00 AM
From Reactive to Resilient: A Proactive Guide to Securing Small Businesses in the Digital Age

According to the newly released 2025 Comcast Business Cybersecurity Threat Report, attacks are increasing.

October 08, 2025 07:00 AM
Comcast: AI is Aiding Both Positive and Negatives of Cybersecurity

Comcast: AI is Aiding Both Positive and Negatives of Cybersecurity ... Report also finds increase in phishing attacks as part of advanced attacker...

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Comcast CyberSecurity History Information

Official Website of Comcast

The official website of Comcast is https://corporate.comcast.com/.

Comcast’s AI-Generated Cybersecurity Score

According to Rankiteo, Comcast’s AI-generated cybersecurity score is 424, reflecting their Critical security posture.

How many security badges does Comcast have ?

According to Rankiteo, Comcast currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Comcast have SOC 2 Type 1 certification ?

According to Rankiteo, Comcast is not certified under SOC 2 Type 1.

Does Comcast have SOC 2 Type 2 certification ?

According to Rankiteo, Comcast does not hold a SOC 2 Type 2 certification.

Does Comcast comply with GDPR ?

According to Rankiteo, Comcast is not listed as GDPR compliant.

Does Comcast have PCI DSS certification ?

According to Rankiteo, Comcast does not currently maintain PCI DSS compliance.

Does Comcast comply with HIPAA ?

According to Rankiteo, Comcast is not compliant with HIPAA regulations.

Does Comcast have ISO 27001 certification ?

According to Rankiteo, Comcast is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Comcast

Comcast operates primarily in the Telecommunications industry.

Number of Employees at Comcast

Comcast employs approximately 60,212 people worldwide.

Subsidiaries Owned by Comcast

Comcast presently has no subsidiaries across any sectors.

Comcast’s LinkedIn Followers

Comcast’s official LinkedIn profile has approximately 706,769 followers.

NAICS Classification of Comcast

Comcast is classified under the NAICS code 517, which corresponds to Telecommunications.

Comcast’s Presence on Crunchbase

Yes, Comcast has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/comcast.

Comcast’s Presence on LinkedIn

Yes, Comcast maintains an official LinkedIn profile, actively used for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/comcast.

Cybersecurity Incidents Involving Comcast

As of November 27, 2025, Rankiteo reports that Comcast has experienced 16 cybersecurity incidents.

Number of Peer and Competitor Companies

Comcast has an estimated 9,535 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Comcast ?

Incident Types: The types of cybersecurity incidents that have occurred include Ransomware, Breach, Vulnerability and Data Leak.

What was the total financial impact of these incidents on Comcast ?

Total Financial Loss: The total financial loss from these incidents is estimated to be $31 million.

How does Comcast detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through containment measures (patched the bug quickly); remediation measures (contacting subscribers reporting unusual behavior); third-party assistance (Mandiant); communication strategy (Comcast offered one year of credit monitoring and identity protection services to impacted individuals; public disclosure via Vermont Office of the Attorney General; no public response or acknowledgement); remediation measures (improved vendor oversight, as per FCC mandate; compliance plan with strengthened vendor oversight and customer-privacy safeguards; new compliance plan with stricter vendor oversight rules); communication strategy (public statement denying blame but committing to improved cybersecurity policies); enhanced monitoring (improved cybersecurity policies, vendor monitoring); remediation measures (enhanced vendor oversight, stricter customer privacy protections, improved information security practices); recovery measures (customer notifications, free identity theft protection with 12-month credit monitoring); and communication strategy (public disclosure via FCC, customer notifications, advisories for two-factor authentication).

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: Comcast Data Breach

Description: Comcast, a US company, suffered a data breach incident in September 2015. The breach compromised the personal details of about 75,000 of its customers. The company had offered $100 to the affected customers and $25 million to the state agencies as compensation.

Date Detected: September 2015

Type: Data Breach

Incident : Data Breach

Title: Comcast Xfinity Website Bug Exposes Customer Information

Description: A bug in Comcast's website used to activate Xfinity compromised sensitive information on the company's customers. The website, used by customers to set up their home internet and cable service, could be tricked into displaying the home address where the router is located, as well as the Wi-Fi name and password. Only a customer account ID and that customer's house or apartment number are needed, even though the web form asks for a full address. That information could be grabbed from a discarded bill or obtained from an email. The bug returns data even if the Xfinity Wi-Fi is already switched on. It's also possible to rename Wi-Fi network names and passwords, temporarily locking users out.

Type: Data Breach

Attack Vector: Web Application Vulnerability

Vulnerability Exploited: Information Disclosure

Incident : Data Breach

Title: Comcast Xfinity Login Page Bug

Description: Comcast Xfinity's login page had a bug that allowed anyone to gain access to the partial Social Security Numbers and partial home addresses of over 26.5 million customers. The company patched the bug quickly after being notified of its existence.

Type: Data Breach

Attack Vector: Bug Exploitation

Vulnerability Exploited: Login Page Bug

Incident : Data Breach

Title: Comcast Email Credentials for Sale on Dark Web

Description: A black market on the dark web was offering about 590,000 Comcast email addresses and passwords for sale. As evidence of the reliability of the Comcast data, the seller presented a list of 112 accounts, asking $300 USD for 100,000 accounts and $1,000 USD for the complete list of 590,000 accounts. Approximately 200,000 of the 590,000 records being sold on the illicit market were still active, according to Comcast, which was in possession of the list and had been examining the exposed information. Comcast's systems have not been penetrated, according to the company's security staff, and each subscriber who reports unusual behaviour on their account will be contacted individually to address the problem.

Type: Data Breach

Attack Vector: Dark Web Marketplace

Threat Actor: Unknown

Motivation: Financial Gain

Incident : Data Breach

Title: Xfinity by Comcast Data Breach

Description: Xfinity by Comcast reports a data breach following a cyberattack that exploited the CitrixBleed vulnerability. By exploiting this vulnerability, threat actors were able to take over active authenticated sessions and bypass multifactor authentication and other strict authentication requirements. The security company Mandiant observed threat actors hijacking sessions using session data that had been stolen before the patch was deployed. The company found that usernames and hashed passwords were among the customer data exposed.

Type: Data Breach

Attack Vector: CitrixBleed vulnerability

Vulnerability Exploited: CitrixBleed

Incident : Data Breach, Ransomware

Title: Data Breach at Financial Business and Consumer Solutions (FBCS)

Description: The data breach at Financial Business and Consumer Solutions (FBCS) impacted approximately 238,000 Comcast customers after a ransomware attack. The incident involved unauthorized access between February 14 and February 26, 2024, where attackers could view or acquire sensitive information. The compromised data included names, Social Security numbers, and account details. While FBCS is not aware of further misuse of the data, Comcast is providing affected individuals with free credit monitoring services for a year.

Date Detected: February 26, 2024

Type: Data Breach, Ransomware

Attack Vector: Unauthorized Access

Incident : Data Breach

Title: Comcast Data Breach via Third-Party Vendor

Description: Comcast was affected by a data breach at Financial Business and Consumer Solutions (FBCS), a third-party agency providing collection-related services. The breach exposed personal data of approximately 238,000 customers, including names, addresses, Social Security numbers, dates of birth, and Comcast account details. The incident was the result of unauthorized network access and a ransomware attack at FBCS between February 14 and 26, 2024. Comcast ceased working with FBCS in 2020, but due to data retention requirements, FBCS still held Comcast customer data from around 2021. While FBCS has not observed misuse of the compromised data, Comcast offered one year of credit monitoring and identity protection services to impacted individuals.

Date Detected: 2024-02-26

Type: Data Breach

Attack Vector: Unauthorized Network Access, Ransomware

Incident : Data Breach

Title: Comcast Data Breach

Description: The Maine Office of the Attorney General reported a data breach involving Comcast Cable Communications LLC, which occurred from October 16 to October 19, 2023, due to unauthorized access following a vulnerability in a software product used by Xfinity's provider, Citrix. The breach affected approximately 35,879,455 individuals, potentially exposing usernames, hashed passwords, names, contact information, last four digits of social security numbers, dates of birth, and secret questions and answers. The breach was discovered on December 6, 2023, and notifications were sent on December 18, 2023.

Date Detected: 2023-12-06

Date Publicly Disclosed: 2023-12-18

Type: Data Breach

Attack Vector: Unauthorized Access

Vulnerability Exploited: Vulnerability in Citrix software product

Incident : Data Breach

Title: Xfinity Data Breach via Citrix Software Vulnerability

Description: The Vermont Office of the Attorney General reported that Xfinity experienced a data breach due to a vulnerability in Citrix's software, with unauthorized access occurring between October 16 and October 19, 2023. The breach potentially involved usernames, hashed passwords, names, contact information, last four digits of Social Security numbers, dates of birth, and secret questions and answers.

Date Publicly Disclosed: 2023-12-18

Type: Data Breach

Attack Vector: Exploitation of Citrix Software Vulnerability

Vulnerability Exploited: Citrix Software Vulnerability (unspecified)

Incident : ransomware

Title: Medusa Ransomware Attack on Comcast Corporation

Description: The Medusa ransomware group claimed responsibility for a ransomware attack on Comcast Corporation, a global media and technology company. The group exfiltrated 834.4 GB of data, including actuarial reports, product management data, insurance modeling scripts, and claim analytics. They demanded $1.2 million for the data to be deleted or not leaked/sold. The group posted screenshots and a file listing of 167,121 entries as proof of compromise. Comcast has not publicly confirmed or denied the breach as of the report date.

Date Publicly Disclosed: 2025-09-26

Type: ransomware

Threat Actor: Medusa Ransomware Group

Motivation: financial gain, extortion

Incident : data breach

Title: Medusa Ransomware Attack on Comcast Corporation

Description: The Medusa ransomware group leaked 186.36 GB of compressed data (834 GB decompressed) allegedly stolen from Comcast Corporation in late September 2025. The group initially demanded $1.2 million from Comcast to delete the data instead of leaking or selling it. The leaked data includes files such as 'Esur_rerating_verification.xlsx', 'Claim Data Specifications.xlsm', and Python/SQL scripts related to auto premium impact analysis. The data was released in 47 split files (45 files at 4 GB each and 1 file at 2 GB) on October 19, 2025. Comcast did not respond to requests for comment.

Date Detected: Late September 2025

Date Publicly Disclosed: 2025-09-26

Type: data breach

Attack Vector: exploitation of GoAnywhere MFT vulnerability (CVE-2025-10035), unauthenticated remote code execution

Vulnerability Exploited: CVE-2025-10035 (GoAnywhere MFT, CVSS 10.0)

Threat Actor: Medusa ransomware group

Motivation: financial gain, extortion

Incident : Data Breach

Title: Comcast Data Breach and FCC Settlement

Description: Comcast faces a $1.5 million fine for a data breach affecting 237,000 customers. The FCC settlement mandates improved vendor oversight to protect customer privacy.

Type: Data Breach

Incident : Data Breach (Third-Party Vendor)

Title: Comcast Data Breach via Vendor FBCS Leading to $1.5M FCC Fine

Description: Comcast Corporation was fined $1.5 million by the FCC after its vendor, Financial Business and Consumer Solutions (FBCS), exposed the personal data of ~237,000 current and former customers (internet, TV, and home security services). FBCS went bankrupt before disclosing the August 2024 breach. Comcast agreed to a compliance plan with enhanced vendor oversight and privacy safeguards.

Type: Data Breach (Third-Party Vendor)

Incident : data breach

Title: Comcast Vendor Data Breach Exposes 237,000 Customers' Personal Information

Description: Entertainment giant Comcast (CMCSA) faced regulatory action after a third-party debt-collection vendor, Financial Business and Consumer Solutions (FBCS), suffered a data breach in 2024. The breach exposed personal information of approximately 237,000 Comcast customers, including those using internet, TV, and home security services. The FCC imposed a $1.5 million fine on Comcast, citing inadequate oversight of the vendor, which had filed for bankruptcy before the breach was publicly disclosed in August 2024. Comcast denied blame but agreed to a compliance plan with stricter vendor monitoring rules.

Date Publicly Disclosed: 2024-08

Type: data breach

Incident : data breach

Title: Comcast Data Breach via Former Vendor FBCS Exposes 237,000 Customer Records

Description: In a significant regulatory enforcement, Comcast Corporation agreed to pay a $1.5 million fine after a data breach at its former vendor, Financial Business and Consumer Solutions (FBCS), exposed sensitive personal information of approximately 237,000 current and former customers. The breach occurred in February 2024 and involved unauthorized access, exfiltration, and encryption of customer data, including names, addresses, Social Security numbers, dates of birth, and Comcast account identifiers. The FCC investigation led to a settlement requiring Comcast to implement enhanced vendor oversight, stricter privacy protections, and improved security practices. Comcast notified affected individuals and offered free identity theft protection services, including 12 months of credit monitoring.

Date Detected: 2024-02

Type: data breach

Attack Vector: unauthorized access to vendor (FBCS) network

Incident : Data Breach (Third-Party Vendor)

Title: Comcast Third-Party Vendor Data Breach (2024)

Description: Comcast experienced a significant data breach in February 2024 due to inadequate cybersecurity measures by a third-party vendor handling customer data. The breach exposed personal information of nearly 275,000 Comcast customers, including names, addresses, and account-related details. The FCC imposed a $1.5 million fine on Comcast for the incident, highlighting the financial and reputational risks of third-party vendor vulnerabilities.

Date Detected: 2024-02

Type: Data Breach (Third-Party Vendor)

Attack Vector: Inadequate cybersecurity measures by third-party vendor

Vulnerability Exploited: Vendor's security shortcomings (unspecified)

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The attack vectors identified in incidents are Citrix Software Vulnerability, exploitation of GoAnywhere MFT vulnerability (CVE-2025-10035) and FBCS computer network.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach COM13519422

Financial Loss: 25 million

Data Compromised: Personal details

Incident : Data Breach COM12229722

Data Compromised: Home address, Wi-fi name, Wi-fi password

Systems Affected: Xfinity Website

Incident : Data Breach COM22281122

Data Compromised: Partial social security numbers, Partial home addresses

Systems Affected: Login Page

Incident : Data Breach COM1740261023

Data Compromised: Email addresses and passwords

Identity Theft Risk: High

Incident : Data Breach COM152251223

Data Compromised: Hashed passwords, Usernames

Incident : Data Breach, Ransomware COM000100824

Data Compromised: Names, Social security numbers, Account details

Incident : Data Breach COM000101324

Data Compromised: Personal data of approximately 238,000 customers, including names, addresses, Social Security numbers, dates of birth, and Comcast account details

Identity Theft Risk: High

Incident : Data Breach COM051072425

Data Compromised: Usernames, Hashed passwords, Names, Contact information, Last four digits of social security numbers, Dates of birth, Secret questions and answers

Incident : Data Breach COM020090625

Data Compromised: Usernames, Hashed passwords, Names, Contact information, Last four digits of social security numbers, Dates of birth, Secret questions and answers

Identity Theft Risk: High (PII exposed)

Incident : ransomware COM1802018092925

Data Compromised: Actuarial reports, Product management data, Insurance modeling scripts, Claim analytics, Customer data processing, Claim management systems

Brand Reputation Impact: potential high impact (unconfirmed)

Legal Liabilities: potential regulatory scrutiny (unconfirmed)

Identity Theft Risk: potential (if customer data included)

Incident : data breach COM5935559102325

Data Compromised: 834 GB (decompressed), Files including Esur_rerating_verification.xlsx, Claim Data Specifications.xlsm, Python/SQL scripts

Brand Reputation Impact: high (public leak of sensitive corporate data)

Incident : Data Breach COM1920819112525

Financial Loss: $1.5 million (fine)

Data Compromised: Customer data (237,000 records)

Brand Reputation Impact: Potential negative impact due to breach and fine

Legal Liabilities: $1.5 million FCC fine

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Financial Loss: $1.5 million (FCC fine)

Data Compromised: Personal data of ~237,000 customers

Brand Reputation Impact: Negative (amid regulatory scrutiny and political pressure)

Legal Liabilities: $1.5M FCC fine; compliance plan mandated

Identity Theft Risk: High (personal data exposed)

Incident : data breach COM0835508112525

Data Compromised: personal information of ~237,000 customers

Brand Reputation Impact: stock price drop (>3% on Monday, 38.75% loss over past year)

Legal Liabilities: $1.5 million FCC fine

Identity Theft Risk: high (personal information exposed)

Incident : data breach COM45102545112625

Financial Loss: $1.5 million (FCC fine)

Data Compromised: Names, Addresses, Social security numbers, Dates of birth, Comcast account identifiers

Systems Affected: FBCS computer network

Brand Reputation Impact: moderate (regulatory enforcement, public disclosure)

Legal Liabilities: $1.5 million FCC fine

Identity Theft Risk: high (exposed PII)

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Financial Loss: $1.5 million (FCC fine)

Data Compromised: Names, Addresses, Account-related details

Customer Complaints: Increased (reputational damage)

Brand Reputation Impact: Negative (customers questioned data protection capabilities)

Legal Liabilities: $1.5 million FCC fine

Identity Theft Risk: High (sensitive personal data exposed)

What is the average financial loss per incident ?

Average Financial Loss: The average financial loss per incident is $1.94 million.

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal details, Home Address, Wi-Fi Name, Wi-Fi Password, Partial Social Security Numbers, Partial Home Addresses, Email addresses and passwords, Hashed Passwords, Usernames, Names, Social Security Numbers, Account Details, Personal data, Usernames, Hashed Passwords, Names, Contact Information, Last Four Digits Of Social Security Numbers, Dates Of Birth, Secret Questions And Answers, Personally Identifiable Information (PII), Authentication Credentials, Actuarial Data, Financial Datasets, Insurance Calculations, Customer Data, Claim Management Data, Corporate Documents, Excel Spreadsheets (e.g., Esur_rerating_verification.xlsx, Claim Data Specifications.xlsm), Python Scripts, SQL Scripts, Auto Premium Impact Analysis Data, Customer privacy data, Personal data (customers of internet, TV, home security services), personal information, Personally Identifiable Information (PII), Account Identifiers and Personally Identifiable Information (PII).

Which entities were affected by each incident ?

Incident : Data Breach COM13519422

Entity Name: Comcast

Entity Type: Company

Industry: Telecommunications

Location: United States

Customers Affected: 75,000

Incident : Data Breach COM12229722

Entity Name: Comcast

Entity Type: Company

Industry: Telecommunications

Incident : Data Breach COM22281122

Entity Name: Comcast Xfinity

Entity Type: Telecommunications

Industry: Telecommunications

Customers Affected: 26.5 million

Incident : Data Breach COM1740261023

Entity Name: Comcast

Entity Type: Company

Industry: Telecommunications

Customers Affected: 590,000

Incident : Data Breach COM152251223

Entity Name: Xfinity by Comcast

Entity Type: Telecommunications

Industry: Telecommunications

Incident : Data Breach, Ransomware COM000100824

Entity Name: Comcast

Entity Type: Telecommunications

Industry: Telecommunications

Customers Affected: 238,000

Incident : Data Breach COM000101324

Entity Name: Comcast

Entity Type: Company

Industry: Telecommunications

Customers Affected: 238,000

Incident : Data Breach COM051072425

Entity Name: Comcast Cable Communications LLC

Entity Type: Company

Industry: Telecommunications

Customers Affected: 35,879,455

Incident : Data Breach COM020090625

Entity Name: Xfinity (Comcast)

Entity Type: Corporation

Industry: Telecommunications / Internet Service Provider

Location: United States

Incident : ransomware COM1802018092925

Entity Name: Comcast Corporation

Entity Type: public company, conglomerate

Industry: media, technology, telecommunications, entertainment

Location: United States (global operations)

Size: large (Fortune 50 company)

Incident : data breach COM5935559102325

Entity Name: Comcast Corporation

Entity Type: public company

Industry: media, technology, telecommunications

Location: Philadelphia, Pennsylvania, U.S.

Size: large (Fortune 500)

Incident : Data Breach COM1920819112525

Entity Name: Comcast

Entity Type: Corporation

Industry: Telecommunications / Media

Location: United States

Size: Large (Fortune 500)

Customers Affected: 237,000

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Entity Name: Comcast Corporation

Entity Type: Public Company (NASDAQ:CMCSA)

Industry: Telecommunications/Media

Location: United States

Size: Large (Revenue: $31.2B in Q3 2024)

Customers Affected: 237,000

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Entity Name: Financial Business and Consumer Solutions (FBCS)

Entity Type: Vendor (Bankrupt)

Industry: Financial Services/Data Processing

Incident : data breach COM0835508112525

Entity Name: Comcast (CMCSA)

Entity Type: public company

Industry: telecommunications, entertainment, internet service provider

Location: United States

Size: large (Fortune 50)

Customers Affected: 237,000

Incident : data breach COM0835508112525

Entity Name: Financial Business and Consumer Solutions (FBCS)

Entity Type: third-party vendor

Industry: debt collection

Incident : data breach COM45102545112625

Entity Name: Comcast Corporation

Entity Type: corporation

Industry: telecommunications

Location: United States

Size: large

Customers Affected: 237,000

Incident : data breach COM45102545112625

Entity Name: Financial Business and Consumer Solutions (FBCS)

Entity Type: vendor (debt collection agency)

Industry: financial services

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Entity Name: Comcast

Entity Type: Telecommunications

Industry: Telecommunications

Location: United States

Size: Large (Fortune 500)

Customers Affected: 275,000

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach COM22281122

Containment Measures: patched the bug quickly

Incident : Data Breach COM1740261023

Remediation Measures: Contacting subscribers reporting unusual behavior

Incident : Data Breach COM152251223

Third Party Assistance: Mandiant.

Incident : Data Breach COM000101324

Communication Strategy: Comcast offered one year of credit monitoring and identity protection services to impacted individuals

Incident : Data Breach COM020090625

Communication Strategy: Public disclosure via Vermont Office of the Attorney General

Incident : data breach COM5935559102325

Communication Strategy: no public response or acknowledgement

Incident : Data Breach COM1920819112525

Remediation Measures: Improved vendor oversight (as per FCC mandate)

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Remediation Measures: Compliance plan with strengthened vendor oversight and customer-privacy safeguards

Incident : data breach COM0835508112525

Remediation Measures: new compliance plan with stricter vendor oversight rules

Communication Strategy: public statement denying blame but committing to improved cybersecurity policies

Enhanced Monitoring: improved cybersecurity policies (vendor monitoring)

Incident : data breach COM45102545112625

Incident Response Plan Activated: True

Remediation Measures: enhanced vendor oversight, stricter customer privacy protections, improved information security practices

Recovery Measures: customer notifications, free identity theft protection (12-month credit monitoring)

Communication Strategy: public disclosure via FCC, customer notifications, advisories for two-factor authentication

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Mandiant.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach COM13519422

Type of Data Compromised: Personal details

Number of Records Exposed: 75,000

Incident : Data Breach COM12229722

Type of Data Compromised: Home address, Wi-fi name, Wi-fi password

Sensitivity of Data: High

Personally Identifiable Information: Home Address

Incident : Data Breach COM22281122

Type of Data Compromised: Partial social security numbers, Partial home addresses

Number of Records Exposed: 26.5 million

Incident : Data Breach COM1740261023

Type of Data Compromised: Email addresses and passwords

Number of Records Exposed: 590000

Sensitivity of Data: High

Personally Identifiable Information: Email addresses

Incident : Data Breach COM152251223

Type of Data Compromised: Hashed passwords, Usernames

Incident : Data Breach, Ransomware COM000100824

Type of Data Compromised: Names, Social security numbers, Account details

Number of Records Exposed: 238,000

Personally Identifiable Information: Names, Social Security numbers

Incident : Data Breach COM000101324

Type of Data Compromised: Personal data

Number of Records Exposed: 238,000

Sensitivity of Data: High

Personally Identifiable Information: Names, addresses, Social Security numbers, dates of birth, and Comcast account details

Incident : Data Breach COM051072425

Type of Data Compromised: Usernames, Hashed passwords, Names, Contact information, Last four digits of social security numbers, Dates of birth, Secret questions and answers

Number of Records Exposed: 35,879,455

Sensitivity of Data: High

Incident : Data Breach COM020090625

Type of Data Compromised: Personally identifiable information (PII), Authentication credentials

Sensitivity of Data: High

Data Exfiltration: Likely (unauthorized access confirmed)

Data Encryption: Partially (hashed passwords)

Incident : ransomware COM1802018092925

Type of Data Compromised: Actuarial data, Financial datasets, Insurance calculations, Customer data, Claim management data

Sensitivity of Data: high (potentially includes PII or proprietary business data)

Data Exfiltration: 834.4 GB

File Types Exposed: XLSX (e.g., Esur_rerating_verification.xlsx), XLSM (e.g., Claim Data Specifications.xlsm), Python scripts, SQL scripts

Personally Identifiable Information: potential (unconfirmed)

Incident : data breach COM5935559102325

Type of Data Compromised: Corporate documents, Excel spreadsheets (e.g., esur_rerating_verification.xlsx, claim data specifications.xlsm), Python scripts, SQL scripts, Auto premium impact analysis data

Sensitivity of Data: high (internal corporate and operational data)

Data Exfiltration: 834 GB (decompressed from 186.36 GB compressed)

File Types Exposed: .xlsx, .xlsm, .py, .sql

Incident : Data Breach COM1920819112525

Type of Data Compromised: Customer privacy data

Number of Records Exposed: 237,000

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Type of Data Compromised: Personal data (customers of internet, TV, home security services)

Number of Records Exposed: 237,000

Sensitivity of Data: High (personally identifiable information)

Data Exfiltration: Yes

Personally Identifiable Information: Yes

Incident : data breach COM0835508112525

Type of Data Compromised: personal information

Number of Records Exposed: 237,000

Sensitivity of Data: high (personal information)

Incident : data breach COM45102545112625

Type of Data Compromised: Personally identifiable information (PII), Account identifiers

Number of Records Exposed: 237,000

Sensitivity of Data: high (SSNs, dates of birth, account details)

Data Encryption: True

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Type of Data Compromised: Personally identifiable information (PII)

Number of Records Exposed: 275,000

Sensitivity of Data: High (names, addresses, account details)

Data Exfiltration: Yes

Personally Identifiable Information: Yes

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Contacting subscribers reporting unusual behavior, Improved vendor oversight (as per FCC mandate), Compliance plan with strengthened vendor oversight and customer-privacy safeguards, new compliance plan with stricter vendor oversight rules, enhanced vendor oversight, stricter customer privacy protections, improved information security practices.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) by patching the bug quickly.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : ransomware COM1802018092925

Ransom Demanded: $1.2 million (for data deletion or to prevent leak/sale)

Ransomware Strain: Medusa

Data Exfiltration: 834.4 GB

Incident : data breach COM5935559102325

Ransom Demanded: $1.2 million (for data deletion)

Ransomware Strain: Medusa

Data Exfiltration: 834 GB

Incident : data breach COM45102545112625

Data Encryption: True

Data Exfiltration: True

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through customer notifications, free identity theft protection (12-month credit monitoring).

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach COM020090625

Regulatory Notifications: Reported to Vermont Office of the Attorney General

Incident : ransomware COM1802018092925

Regulatory Notifications: potential (if sensitive data confirmed)

Incident : Data Breach COM1920819112525

Regulations Violated: FCC customer privacy rules

Fines Imposed: $1.5 million

Legal Actions: FCC settlement

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Regulations Violated: FCC consumer privacy rules

Fines Imposed: $1.5 million

Legal Actions: Settlement with FCC; mandated compliance plan

Regulatory Notifications: FCC disclosure

Incident : data breach COM0835508112525

Fines Imposed: $1.5 million (FCC)

Legal Actions: settlement with FCC including compliance plan

Regulatory Notifications: FCC disclosure (August 2024)

Incident : data breach COM45102545112625

Regulations Violated: FCC regulations (customer privacy)

Fines Imposed: $1.5 million

Legal Actions: FCC settlement agreement

Regulatory Notifications: FCC investigation and disclosure

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Regulations Violated: FCC data protection requirements

Fines Imposed: $1.5 million

Legal Actions: FCC investigation and settlement

Regulatory Notifications: FCC

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through FCC settlement, Settlement with FCC; mandated compliance plan, settlement with FCC including compliance plan, FCC settlement agreement, FCC investigation and settlement.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : data breach COM0835508112525

Lessons Learned: Importance of rigorous third-party vendor oversight and cybersecurity compliance for customer data protection.

Incident : data breach COM45102545112625

Lessons Learned: Importance of vetting third-party vendors for cybersecurity risks, Need for robust data security protocols in vendor contracts, Proactive customer support (e.g., credit monitoring) mitigates reputational damage

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Lessons Learned: Protecting customer data requires constant vigilance and assessment of vendor security measures; Organizations must enforce stricter controls and audits of third-party vendors; Transparency and swift action in response to breaches are crucial for maintaining customer trust.

What recommendations were made to prevent future incidents ?

Incident : Data Breach COM1920819112525

Recommendations: Enhance third-party vendor oversight and compliance monitoring to prevent future breaches.

Incident : data breach COM0835508112525

Recommendations: Enhance vendor risk assessment protocols, Implement continuous monitoring of third-party security practices, Strengthen contractual obligations for data protection with vendors, Develop incident response plans specifically for third-party breaches

Incident : data breach COM45102545112625

Recommendations: Implement stricter vendor cybersecurity audits, Enhance encryption and access controls for sensitive customer data, Expand customer education on two-factor authentication and fraud monitoring

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Recommendations: Continuous monitoring of vendor security practices; Mandate periodic security audits for vendors with detailed reporting requirements; Define cybersecurity obligations and breach repercussions in vendor contracts.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: Importance of rigorous third-party vendor oversight and cybersecurity compliance for customer data protection; Importance of vetting third-party vendors for cybersecurity risks; Need for robust data security protocols in vendor contracts; Proactive customer support (e.g., credit monitoring) mitigates reputational damage; Protecting customer data requires constant vigilance and assessment of vendor security measures; Organizations must enforce stricter controls and audits of third-party vendors; Transparency and swift action in response to breaches are crucial for maintaining customer trust.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Implement continuous monitoring of third-party security practices, Strengthen contractual obligations for data protection with vendors, Enhance vendor risk assessment protocols, Enhance third-party vendor oversight and compliance monitoring to prevent future breaches, and Develop incident response plans specifically for third-party breaches.

References

Where can I find more information about each incident ?

Incident : Data Breach COM051072425

Source: Maine Office of the Attorney General

Incident : Data Breach COM020090625

Source: Vermont Office of the Attorney General

Date Accessed: 2023-12-18

Incident : ransomware COM1802018092925

Source: Hackread.com

Date Accessed: 2025-09-26

Incident : ransomware COM1802018092925

Source: Medusa Ransomware Group Dark Web Leak Site

Date Accessed: 2025-09-26

Incident : data breach COM5935559102325

Source: Hackread.com

Date Accessed: 2025-10-19

Incident : data breach COM5935559102325

Source: Microsoft Security Advisory (CVE-2025-10035)

Date Accessed: 2025-10-early

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Source: Benzinga

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Source: FCC Settlement Announcement

Incident : data breach COM0835508112525

Source: Federal Communications Commission (FCC)

Incident : data breach COM0835508112525

Source: TipRanks / Market Analysis

Incident : data breach COM45102545112625

Source: Federal Communications Commission (FCC)

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Source: FCC investigation report (2024)

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at: Maine Office of the Attorney General; Vermont Office of the Attorney General (Date Accessed: 2023-12-18); Hackread.com (Date Accessed: 2025-09-26); Medusa Ransomware Group Dark Web Leak Site (Date Accessed: 2025-09-26); Hackread.com (Date Accessed: 2025-10-19); Microsoft Security Advisory (CVE-2025-10035) (Date Accessed: 2025-10-early); Benzinga; FCC Settlement Announcement; Federal Communications Commission (FCC); TipRanks / Market Analysis; FCC investigation report (2024).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach COM020090625

Investigation Status: Disclosed (ongoing details unspecified)

Incident : ransomware COM1802018092925

Investigation Status: unconfirmed by Comcast; under monitoring by media (Hackread.com)

Incident : data breach COM5935559102325

Investigation Status: ongoing (no official confirmation or denial from Comcast)

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Investigation Status: Resolved (settlement reached)

Incident : data breach COM0835508112525

Investigation Status: resolved (FCC settlement reached)

Incident : data breach COM45102545112625

Investigation Status: resolved (FCC settlement reached)

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Investigation Status: Resolved (FCC settlement reached)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Comcast offered one year of credit monitoring and identity protection services to impacted individuals, Public disclosure via Vermont Office of the Attorney General, no public response or acknowledgement, public statement denying blame but committing to improved cybersecurity policies, public disclosure via FCC, customer notifications and advisories for two-factor authentication.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : data breach COM45102545112625

Stakeholder Advisories: FCC public disclosure, customer notifications with identity theft protection offers.

Customer Advisories: Monitor financial accounts for fraudulent activity; Enable two-factor authentication on Comcast accounts; Utilize provided 12-month credit monitoring service

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: FCC public disclosure, customer notifications with identity theft protection offers, monitor financial accounts for fraudulent activity, enable two-factor authentication on Comcast accounts, and utilize provided 12-month credit monitoring service.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach COM020090625

Entry Point: Citrix Software Vulnerability

Incident : ransomware COM1802018092925

High Value Targets: Actuarial/Financial Datasets, Insurance Modeling Systems

Data Sold on Dark Web: Actuarial/Financial Datasets, Insurance Modeling Systems

Incident : data breach COM5935559102325

Entry Point: exploitation of GoAnywhere MFT vulnerability (CVE-2025-10035)

High Value Targets: Corporate Data, Operational Scripts

Data Sold on Dark Web: Corporate Data, Operational Scripts

Incident : data breach COM45102545112625

Entry Point: FBCS computer network

High Value Targets: Customer PII, Comcast Account Identifiers

Data Sold on Dark Web: Customer PII, Comcast Account Identifiers

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach COM020090625

Root Causes: Exploitation of unpatched Citrix software vulnerability

Incident : data breach COM5935559102325

Root Causes: Unpatched vulnerability (CVE-2025-10035), lack of timely response to exploit warnings

Incident : Data Breach COM1920819112525

Root Causes: Likely related to third-party vendor vulnerabilities (as implied by FCC mandate for improved oversight)

Corrective Actions: Implementation of stricter vendor oversight protocols as per FCC requirements

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Root Causes: Vendor (FBCS) security failure; lack of oversight

Corrective Actions: Enhanced vendor oversight and customer-privacy safeguards per FCC compliance plan

Incident : data breach COM0835508112525

Root Causes: Inadequate oversight of third-party vendor (FBCS), vendor's bankruptcy potentially compromising data security practices, failure to enforce or verify compliance with Comcast's security standards by the vendor

Corrective Actions: Implementation of stricter vendor compliance plan, enhanced cybersecurity policies for third-party risk management

Incident : data breach COM45102545112625

Root Causes: Inadequate vendor cybersecurity oversight by Comcast, FBCS network vulnerabilities leading to unauthorized access, lack of proactive monitoring for exfiltration attempts

Corrective Actions: Implementation of compliance program with enhanced vendor oversight, stricter customer privacy protections, improved information security practices across operations

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Root Causes: Inadequate cybersecurity measures by third-party vendor, lack of robust vendor oversight by Comcast

Corrective Actions: Enhanced vendor accountability measures, stricter security protocols for third-party data handling

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Mandiant, improved cybersecurity policies (vendor monitoring).

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Implementation of stricter vendor oversight protocols as per FCC requirements; Enhanced vendor oversight and customer-privacy safeguards per FCC compliance plan; Implementation of stricter vendor compliance plan, enhanced cybersecurity policies for third-party risk management; Implementation of compliance program with enhanced vendor oversight, stricter customer privacy protections, improved information security practices across operations; Enhanced vendor accountability measures, stricter security protocols for third-party data handling.

Additional Questions

General Information

What was the amount of the last ransom demanded ?

Last Ransom Demanded: The amount of the last ransom demanded was $1.2 million (for data deletion or to prevent leak/sale).

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was listed as Unknown and Medusa Ransomware Group.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was in September 2015.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was in 2024-08.

Impact of the Incidents

What was the highest financial loss from an incident ?

Highest Financial Loss: The highest financial loss from an incident was 25 million.

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were: Personal details, Home Address, Wi-Fi Name, Wi-Fi Password; partial Social Security Numbers, partial home addresses; Email addresses and passwords, Hashed passwords, Usernames; Names, Social Security numbers, Account details; Personal data of approximately 238,000 customers, including names, addresses, Social Security numbers, dates of birth, and Comcast account details; usernames, hashed passwords, names, contact information, last four digits of Social Security numbers, dates of birth, secret questions and answers; actuarial reports, product management data, insurance modeling scripts, claim analytics, customer data processing, claim management systems; 834 GB (decompressed), files including Esur_rerating_verification.xlsx, Claim Data Specifications.xlsm, Python/SQL scripts; Customer data (237,000 records), Personal data of ~237,000 customers, personal information of ~237,000 customers, names, addresses, Social Security numbers, dates of birth, Comcast account identifiers; Names, Addresses, Account-related details.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant system affected in an incident was Xfinity Website and Login Page and FBCS computer network.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Mandiant.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measure taken in the most recent incident was patching the bug quickly.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were dates of birth, partial home addresses, Wi-Fi Name, Hashed passwords, claim management systems, customer data processing, Customer data (237,000 records), addresses, actuarial reports, Names, Wi-Fi Password, usernames, hashed passwords, secret questions and answers, Home Address, Email addresses and passwords, last four digits of social security numbers, Comcast account identifiers, personal information of ~237,000 customers, Usernames, Personal details, Account-related details, names, Personal data of approximately 238,000 customers, including names, addresses, Social Security numbers, dates of birth, and Comcast account details, Addresses, Account details, Social Security numbers, contact information, files including Esur_rerating_verification.xlsx, Claim Data Specifications.xlsm, Python/SQL scripts, partial Social Security Numbers, Personal data of ~237,000 customers, last four digits of Social Security numbers, insurance modeling scripts, claim analytics, product management data and 834 GB (decompressed).

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 64.2M.

Ransomware Information

Regulatory Compliance

What was the highest fine imposed for a regulatory violation ?

Highest Fine Imposed: The highest fine imposed for a regulatory violation was $1.5 million (FCC).

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was FCC settlement, Settlement with FCC; mandated compliance plan, settlement with FCC including compliance plan, FCC settlement agreement, FCC investigation and settlement.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Transparency and swift action in response to breaches are crucial for maintaining customer trust.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Implement continuous monitoring of third-party security practices, Define cybersecurity obligations and breach repercussions in vendor contracts, Strengthen contractual obligations for data protection with vendors, Enhance encryption and access controls for sensitive customer data, Expand customer education on two-factor authentication and fraud monitoring, Implement stricter vendor cybersecurity audits, Continuous monitoring of vendor security practices, Enhance vendor risk assessment protocols, Enhance third-party vendor oversight and compliance monitoring to prevent future breaches, Mandate periodic security audits for vendors with detailed reporting requirements, and Develop incident response plans specifically for third-party breaches.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Microsoft Security Advisory (CVE-2025-10035), Federal Communications Commission (FCC), Maine Office of the Attorney General, Hackread.com, Vermont Office of the Attorney General, TipRanks / Market Analysis, Benzinga, Medusa Ransomware Group Dark Web Leak Site, FCC investigation report (2024) and FCC Settlement Announcement.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Disclosed (ongoing details unspecified).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was FCC public disclosure, customer notifications with identity theft protection offers.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued was: Monitor financial accounts for fraudulent activity; Enable two-factor authentication on Comcast accounts; Utilize provided 12-month credit monitoring service.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry points used by an initial access broker were FBCS computer network, Citrix Software Vulnerability and exploitation of GoAnywhere MFT vulnerability (CVE-2025-10035).

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was: Exploitation of unpatched Citrix software vulnerability; unpatched vulnerability (CVE-2025-10035), lack of timely response to exploit warnings; Likely related to third-party vendor vulnerabilities (as implied by FCC mandate for improved oversight); Vendor (FBCS) security failure, lack of oversight; Inadequate oversight of third-party vendor (FBCS), Vendor's bankruptcy potentially compromising data security practices, Failure to enforce or verify compliance with Comcast's security standards by the vendor; Inadequate vendor cybersecurity oversight by Comcast, FBCS network vulnerabilities leading to unauthorized access, Lack of proactive monitoring for exfiltration attempts; Inadequate cybersecurity measures by third-party vendor, Lack of robust vendor oversight by Comcast.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was: Implementation of stricter vendor oversight protocols as per FCC requirements; Enhanced vendor oversight and customer-privacy safeguards per FCC compliance plan; Implementation of stricter vendor compliance plan, Enhanced cybersecurity policies for third-party risk management; Implementation of compliance program with enhanced vendor oversight, Stricter customer privacy protections, Improved information security practices across operations; Enhanced vendor accountability measures, Stricter security protocols for third-party data handling.

Latest Global CVEs (Not Company-Specific)

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL is protocol-relative (starts with //), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=comcast' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.