Comcast Reaches $117 Million Settlement Over Data Breach Affecting 30 Million Customers Comcast has agreed to a $117 million settlement in a class action lawsuit stemming from a data breach that exposed sensitive information belonging to approximately 30 million Xfinity customers. The settlement includes credit monitoring services and reimbursement for financial losses incurred due to the breach. The breach, which occurred in late 2023, compromised usernames, encrypted passwords, birth dates, security questions and answers, and the last four digits of customers’ Social Security numbers. While full Social Security numbers were not exposed, cybersecurity expert Steve Weisman of Bentley University warned that even partial data can be exploited. The last four digits, combined with other leaked details, could help attackers reconstruct full Social Security numbers, increasing identity theft risks. Weisman also highlighted the broader threat of targeted phishing attacks, or "spear phishing," where scammers use stolen personal data to craft convincing fraudulent emails. Despite the settlement, Comcast has not yet provided details on how affected customers can file claims. The case reflects a growing trend of class action lawsuits following data breaches, as companies face legal consequences for inadequate security measures. The settlement underscores the financial and reputational risks of failing to protect customer data.

North Korean Lazarus Group Expands into Ransomware with Medusa Attacks North Korea’s state-backed Lazarus Group has entered the commercial ransomware market, leveraging the Medusa ransomware-as-a-service (RaaS) operation to target organizations in the Middle East and the U.S. While an attempted breach of U.S. healthcare entities failed, the campaign underscores a growing trend: nation-state actors adopting cybercrime tools for financial gain. Since its emergence in 2023, Medusa has been linked to over 300 successful attacks, including high-profile victims like Comcast and NASCAR. By partnering with Medusa, Lazarus gains access to an established criminal infrastructure, obscuring its identity behind typical ransomware affiliates and complicating attribution for defenders. The group’s attacks follow a multi-stage process, beginning with the deployment of tools to disable security protections. Custom backdoors like Blindingcan and Comebacker establish persistent access, while credential theft tools (ChromeStealer, Mimikatz) and data exfiltration utilities (Infohook, RP_Proxy) extract sensitive information before ransomware deployment. By the time Medusa encrypts systems, attackers have already exfiltrated critical data. Recent targets reveal a focus on vulnerable institutions, including a U.S. mental health nonprofit and a school for children with autism. Ransom demands average $260,000 a calculated figure designed to pressure cash-strapped organizations into paying quickly. This strategy aligns with Lazarus’ broader shift toward financially motivated attacks, following a similar 2024 collaboration between North Korea’s Jumpy Pisces (Andariel) and the Play ransomware group. Experts note the tactical logic: targeting underfunded sectors like healthcare and education maximizes emotional leverage, increasing the likelihood of payment. The convergence of state-sponsored espionage and ransomware operations means even small organizations previously overlooked by advanced threat actors now face sophisticated, government-backed cyber threats.

Comcast, a major telecommunications conglomerate, faced a regulatory penalty of $1.5 million imposed by the Federal Communications Commission (FCC) due to a data breach that exposed the personal information of 237,000 customers. The incident stemmed from inadequate vendor oversight, leading to unauthorized access to sensitive customer data, including names, addresses, phone numbers, and potentially financial details. The FCC settlement requires Comcast to implement stricter third-party risk management protocols, enhance data protection measures, and conduct regular audits to prevent future breaches. While the financial penalty is significant, the reputational damage and erosion of customer trust pose long-term risks. The breach did not result in confirmed identity theft or fraudulent transactions tied directly to the exposed data, but the scale of affected individuals and regulatory scrutiny underscore the severity of the lapses in cybersecurity governance. The incident highlights the growing regulatory focus on vendor-related security failures in safeguarding consumer privacy.

Chinese Hacking Group Salt Typhoon Linked to Breaches at Comcast and Digital Realty U.S. security agencies have identified Comcast and Digital Realty as likely targets of Salt Typhoon, a Chinese state-backed hacking group previously tied to a multi-year espionage campaign against global telecom operators. The National Security Agency (NSA) assessed Comcast as a probable victim, while the Cybersecurity and Infrastructure Security Agency (CISA) flagged Digital Realty as potentially compromised, according to three anonymous sources familiar with the matter. Salt Typhoon, part of a broader network of China-linked cyber actors, was first exposed last year for infiltrating major telecom carriers. The group’s access to data center infrastructure such as Digital Realty’s global network could grant unprecedented surveillance capabilities, allowing hackers to monitor internal traffic between cloud providers, governments, and enterprises that typically bypass public internet protections. Uncertainty and Legal Barriers U.S. agencies hold inconsistent lists of confirmed or suspected victims, complicating investigations. Some telecom providers have reportedly avoided internal probes into Salt Typhoon’s presence, citing legal strategies to limit disclosure. CISA has attempted to notify affected companies since December, though the effectiveness of these communications remains unclear. Comcast denied evidence of a breach, stating it had found no signs of Salt Typhoon in its enterprise network. Digital Realty did not respond to requests for comment, while CISA, the NSA, and the FBI declined to provide details. National Security Risks An intrusion into either company could have severe implications. Comcast serves 51 million broadband customers and 8.1 million wireless users, while Digital Realty operates 300+ data centers across 25 countries, hosting infrastructure for major clients like AWS, Google Cloud, Microsoft, and IBM. Experts warn that Salt Typhoon’s foothold in data centers could enable deeper surveillance of private communications, including traffic between cloud and on-premises systems. The group’s tactics rely on exploiting known vulnerabilities, some dating back to 2018, and credential theft highlighting persistent gaps in patch management for critical infrastructure. Despite public assurances from companies, officials and cybersecurity experts believe Salt Typhoon remains embedded in telecom networks. Sen. Josh Hawley (R-Mo.) recently stated in a hearing that the hackers retain "unlimited access" to U.S. communications, including voice messages and calls. Political and Investigative Fallout The breaches have drawn sharp criticism from lawmakers. The House China Select Committee called the reported intrusions a "serious and deeply concerning" example of China’s efforts to undermine U.S. digital infrastructure. Rep. Mark Green (R-Tenn.), chair of the House Homeland Security Committee, has pressed the Department of Homeland Security (DHS) for documents on Salt Typhoon and another Chinese hacking unit, Volt Typhoon, citing concerns over CISA’s limited visibility into the attacks. The Cyber Safety Review Board, a DHS body disbanded under the Trump administration, had been investigating the telecom hacks before its dissolution. Lawmakers have since urged its reinstatement, while CISA faces proposed budget cuts that could further hinder its response capabilities. Salt Typhoon’s campaign also targeted lawful intercept systems, which telecom providers use to comply with government surveillance requests. Reports indicate the group accessed communications metadata linked to former President Donald Trump, Vice President JD Vance, and other U.S. officials, underscoring the operation’s national security stakes.

Comcast Corporation (NASDAQ:CMCSA) faced a $1.5 million fine from the Federal Communications Commission (FCC) after its vendor, Financial Business and Consumer Solutions (FBCS), exposed the personal data of ~237,000 current and former customers using Comcast’s internet, TV, and home security services. The breach occurred in August 2024, but FBCS filed for bankruptcy before disclosing it. The exposed data included customer information linked to Comcast’s services, though specifics (e.g., financial details, exact PII types) were not detailed.The FCC mandated a new compliance plan with stricter vendor oversight and privacy safeguards. While Comcast reported strong Q3 earnings ($31.2B revenue, beating estimates), the breach added regulatory pressure amid broader scrutiny, including political tensions with President Trump over NBC’s content. The stock declined 29.29% YTD and dropped 3.25% on the day of the announcement, reflecting investor concerns over reputational and compliance risks.

The FCC's Enforcement Bureau said Comcast has agreed to pay $1.5 million to resolve a vendor data breach that exposed personal data from more than 237,000 current and former customers. In an order (PDF) published last week, Comcast's "voluntary contribution" of $1.5 million is being combined with a compliance plan that includes, among other things, "certain Vendor oversight practices related to customer privacy and information protection." Tied in, Comcast will take steps to "enhance an existing data inventory program" designed to accurately track personally identifiable subscriber information that is shared with vendors. Comcast told Reuters that it "was not responsible for and has not conceded any wrongdoing in connection with this incident." As Light Reading reported in October 2024, Comcast had notified 237,703 customers that data, including home addresses and social security numbers, was stolen through a ransomware attack on a third-party debt collection agency – Financial Business and Consumer Solutions (FBCS) – that is no longer used by Comcast. CF Medical/Capio and Truist Bank were also impacted by the cybersecurity attack on FBCS. Former vendor alerted Comcast of data breach in 2024 FBCS had originally notified Comcast in March 2024 that it had been the target of a data breach, but that Comcast consumer data was not impacted. Then, in July 2024, FBCS followed up to inform Comcast that a new finding had discovered some Comcast data was impacted. An FBCS investiga

Comcast Corporation faced a severe data breach in 2024 due to a cyberattack on its former vendor, Financial Business and Consumer Solutions (FBCS), a debt collection agency. Unauthorized actors gained access to FBCS’s network, exfiltrating and encrypting sensitive personal data of 237,000 current and former Comcast customers, including names, addresses, Social Security numbers, dates of birth, and Comcast account identifiers. The breach exposed victims to high risks of identity theft and financial fraud, compounded by FBCS’s bankruptcy filing shortly before disclosure.The FCC imposed a $1.5 million fine on Comcast, which, while not admitting liability, agreed to enhance vendor oversight, privacy protections, and cybersecurity measures. Affected customers received 12 months of free credit monitoring and identity theft protection, alongside advisories to enable two-factor authentication and monitor financial accounts. The incident underscores critical vulnerabilities in third-party vendor security and the cascading risks of inadequate data protection protocols.

Comcast experienced a significant data breach in February 2024 caused by a third-party vendor’s cybersecurity failures, exposing the personal information of nearly 275,000 customers, including names, addresses, and account details. The breach stemmed from inadequate security measures by the vendor, leading to unauthorized access and severe privacy risks. The incident triggered an FCC investigation, resulting in a $1.5 million fine and reputational damage, as customers questioned Comcast’s ability to protect their data. The case highlights critical gaps in vendor oversight and underscores the financial, regulatory, and trust-related consequences of third-party security lapses. While Comcast settled the probe, the breach serves as a warning for organizations to enforce stricter vendor audits, continuous monitoring, and clear contractual cybersecurity obligations to prevent similar incidents.

The Federal Communications Commission announced this week that Comcast will pay a $1.5 million civil penalty to resolve an investigation into a 2024 data breach at one of its former debt-collection vendors that exposed the personal information of approximately 237,000 current and former customers. According to the FCC’s enforcement bureau, the compromised data belonged to subscribers of Comcast’s Xfinity internet, television, and home-security services. The breach occurred at Financial Business and Consumer Solutions (FBCS), a third-party debt collector that Comcast had retained until 2022. Even though the business relationship ended two years earlier, FBCS continued to store Comcast customer records containing sensitive personal information. The incident came to light in early 2024 when FBCS notified affected individuals that cybercriminals had gained unauthorized access to its systems. The exposed information reportedly included names, addresses, dates of birth, partial or full Social Security numbers, account numbers, and details about services subscribers had purchased from Comcast. In some cases, driver’s license numbers and security questions used for account verification were also compromised. FCC investigators determined that Comcast failed to implement adequate oversight of its former vendor’s data-security practices after the relationship ended. Although Comcast had contractually required FBCS to maintain reasonable security measures and to delete customer data o

Xfinity by Comcast reports a data breach following a cyberattack that took use of the CitrixBleed vulnerability. By taking use of this vulnerability, threat actors were able to take over active authenticated connections and get around multifactor authentication and other stringent authentication regulations. The security company Mandiant saw threat actors taking control of sessions in which the threat actor used session data that had been taken prior to the patch being deployed. The business discovered that hashed passwords and usernames are among the different client data that is exposed.

The Vermont Office of the Attorney General disclosed that Xfinity suffered a data breach stemming from a vulnerability in Citrix’s software, enabling unauthorized access between October 16–19, 2023. The exposed data included usernames, hashed passwords, full names, contact details, the last four digits of Social Security numbers, dates of birth, and secret questions/answers. While the breach did not involve full Social Security numbers or financial data, the compromised credentials and personal identifiers pose significant risks, including identity theft, phishing attacks, and account takeovers. The incident was publicly reported on December 18, 2023, highlighting delays in detection and disclosure. The breach’s scope suggests potential long-term reputational damage and regulatory scrutiny, particularly given the sensitivity of the leaked information and the scale of Xfinity’s customer base.

The Medusa ransomware group breached Comcast Corporation, a global media and technology company, in late September 2025, exfiltrating 834 GB of data. The group leaked 186.36 GB of compressed data (expanding to ~834 GB) on October 19, 2025, after Comcast refused to pay a $1.2 million ransom. The leaked files included sensitive records such as Esur_rerating_verification.xlsx, Claim Data Specifications.xlsm, and proprietary Python/SQL scripts related to auto premium analysis. The data was split into 47 files (45 x 4 GB + 1 x 2 GB) and made available for purchase on the dark web.Comcast did not respond to inquiries, leaving the breach unconfirmed but highly credible given Medusa’s track record—including a prior $4M ransomware attack on NASCAR in April 2025. The group exploited the GoAnywhere MFT vulnerability (CVE-2025-10035, CVSS 10.0) for initial access. This incident follows Comcast’s 2023 Xfinity breach, where a Citrix vulnerability exposed 35.9 million user accounts. The leaked data’s scale and sensitivity suggest severe operational, financial, and reputational risks for Comcast, with potential regulatory and customer trust repercussions.

Comcast Nears $117.5M Settlement Over 2023 Data Breach Affecting 30M Customers A federal judge in Pennsylvania’s Eastern District has granted preliminary approval for a $117.5 million settlement in a class-action lawsuit against Comcast, stemming from a 2023 cyber intrusion that potentially exposed sensitive data of over 30 million current and former customers. If finalized, the agreement would resolve two dozen lawsuits filed against the telecommunications giant. Affected customers would receive one of two remedies: - Three years of financial monitoring and identity theft protection, or - A choice between reimbursement for documented losses up to $10,000 or a $50 cash payment. The settlement structure allows for proof-based compensation for those who can demonstrate harm, while others may opt for a flat payout. Comcast, while not opposing the settlement, has denied liability for the breach, disputing the plaintiffs’ claims in court filings. The company has not commented publicly on the matter. The final court review will determine whether the agreement is approved.

Comcast, a major entertainment and telecommunications conglomerate, faced regulatory and financial repercussions after a third-party vendor data breach exposed the personal information of approximately 237,000 customers. The breach occurred at Financial Business and Consumer Solutions (FBCS), a now-bankrupt debt-collection vendor that Comcast had engaged until 2022. The incident, disclosed in August 2024, involved customer data from Comcast’s internet, TV, and home security services. While Comcast’s own systems remained uncompromised, the FCC imposed a $1.5 million fine and mandated stricter vendor oversight under a new compliance plan. The breach raised concerns over vendor risk management, particularly as FBCS had already filed for bankruptcy before the exposure was revealed. Comcast denied liability but committed to enhancing cybersecurity policies to prevent future incidents. The financial and reputational fallout contributed to a 3% stock decline on the day of the announcement, compounding a 38.75% year-over-year loss in share value.

Comcast was affected by a data breach at Financial Business and Consumer Solutions (FBCS), a third-party agency providing collection-related services. The breach exposed personal data of approximately 238,000 customers, including names, addresses, Social Security numbers, dates of birth, and Comcast account details. The incident was the result of unauthorized network access and a ransomware attack at FBCS between February 14 and 26, 2024. Comcast ceased working with FBCS in 2020, but due to data retention requirements, FBCS still held Comcast customer data from around 2021. While FBCS has not observed misuse of the compromised data, Comcast offered one year of credit monitoring and identity protection services to impacted individuals.

Comcast Xfininty's login page had a bug that allowed anyone to gain access to the partial Social Security Numbers and partial home addresses of over 26.5 million customers. The company patched the bug quickly after being notified of its existence.

A bug in Comcast's website used to activate Xfinity compromised sensitive information on the company's customers. The website, used by customers to set up their home internet and cable service, was used to trick into displaying the home address where the router is located, as well as the Wi-Fi name and password. Only a customer account ID and that customer's house or apartment number are needed, even though the web form asks for a full address. That information could be grabbed from a discarded bill or obtained from an email. The bug returns data even if the Xfinity Wi-Fi is already switched on. It's also possible to rename Wi-Fi network names and passwords, temporarily locking users out.

A BlackMarket on the dark web was offering about 590,000 Comcast email addresses and passwords for sale. The seller presented a list of 112 accounts asking for $300 USD for 100,000 accounts, and the complete list of 590,000 accounts sells for $1,000 USD as evidence of the reliability of the Comcast data. Approximately 200,000 out of the 590,000 records that were being sold on the illicit market were still active, according to Comcast, which was in possession of the list and had been examining the exposed information. The systems of Comcast have not been penetrated, according to the company's security staff, and each subscriber who reports unusual behaviour on his account will be contacted individually to address the problem.

Comcast, a US company, suffered a data breach incident in September 2015. The breach compromised the personal details of about 75,000 of its customers. The company had offered $100 to the affected customers and $25 million to the state agencies as compensation.

The Medusa ransomware group claimed responsibility for a cyberattack on Comcast Corporation, a global media and technology conglomerate. The group allegedly exfiltrated 834.4 GB of data, including actuarial reports, insurance modeling scripts, claim analytics, and customer data processing files (e.g., Esur_rerating_verification.xlsx, Claim Data Specifications.xlsm, Python/SQL scripts). They demanded $1.2 million to either delete the data or prevent its sale/leak, publishing 167,121 file entries and 20 screenshots as proof. The breach risks exposing sensitive financial, customer, and operational data, potentially triggering regulatory scrutiny. Comcast has not confirmed the attack, but Medusa’s history (e.g., a $4M ransom demand on NASCAR in 2025, later confirmed as a breach) suggests credibility. The leaked data’s scale—spanning insurance, premium analysis, and claims—implies severe operational and reputational damage. Previous incidents (e.g., 200,000 Comcast credentials leaked in 2015) highlight vulnerabilities in legacy data protection. If validated, the breach could disrupt Comcast’s subsidiaries (NBCUniversal, Sky, Peacock) and erode trust in its cybersecurity posture.