Comcast Settles $117.5M Data Breach Class Action for Xfinity Customers

Severity: High (Score: 64.5)

Sources: Aol, Cnet

Summary

Comcast has agreed to a $117.5 million settlement due to a data breach that exposed personal information of approximately 36 million Xfinity customers in October 2023. The breach, which was publicly disclosed on December 18, 2023, resulted from hackers exploiting a Citrix software vulnerability. Affected customers may claim a flat payment of around $50 or up to $10,000 for documented losses. The settlement is open for claims until August 14, 2026, with a final court approval hearing scheduled for July 7, 2026. Comcast denied wrongdoing but opted for a settlement to resolve the class-action lawsuit. Customers must have received a breach notification to be eligible for compensation. The breach involved sensitive data, including usernames, passwords, and Social Security numbers. Key Points: • Comcast's data breach affected approximately 36 million Xfinity customers. • The breach was linked to a Citrix software vulnerability exploited by hackers. • Eligible customers can claim up to $10,000 for documented losses related to the breach.

Key Entities

• Data Breach (attack_type)
• Comcast (company)
• Citrix (company)
• United States (country)
• CWE-200 - Exposure of Sensitive Information (cwe)
• T1190 - Exploit Public-Facing Application (mitre_attack)