Comcast Reaches $117 Million Settlement Over Data Breach Affecting 30 Million Customers
Comcast has agreed to a $117 million settlement in a class action lawsuit stemming from a data breach that exposed sensitive information belonging to approximately 30 million Xfinity customers. The settlement includes credit monitoring services and reimbursement for financial losses incurred due to the breach.
The breach, which occurred in late 2023, compromised usernames, encrypted passwords, birth dates, security questions and answers, and the last four digits of customers’ Social Security numbers. While full Social Security numbers were not exposed, cybersecurity expert Steve Weisman of Bentley University warned that even partial data can be exploited. The last four digits, combined with other leaked details, could help attackers reconstruct full Social Security numbers, increasing identity theft risks.
Weisman also highlighted the broader threat of targeted phishing attacks, or "spear phishing," where scammers use stolen personal data to craft convincing fraudulent emails. Despite the settlement, Comcast has not yet provided details on how affected customers can file claims.
The case reflects a growing trend of class action lawsuits following data breaches, as companies face legal consequences for inadequate security measures. The settlement underscores the financial and reputational risks of failing to protect customer data.
Comcast cybersecurity rating report: https://www.rankiteo.com/company/comcast
"id": "COM1774477423",
"linkid": "comcast",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '30 million',
'industry': 'Telecommunications',
'name': 'Comcast (Xfinity)',
'type': 'Corporation'}],
'customer_advisories': 'Details on how affected customers can file claims not '
'yet provided',
'data_breach': {'data_encryption': 'Encrypted passwords',
'number_of_records_exposed': '30 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Usernames',
'Encrypted passwords',
'Birth dates',
'Security questions and answers',
'Last four digits of Social '
'Security numbers']},
'date_detected': '2023',
'description': 'Comcast has agreed to a $117 million settlement in a class '
'action lawsuit stemming from a data breach that exposed '
'sensitive information belonging to approximately 30 million '
'Xfinity customers. The breach compromised usernames, '
'encrypted passwords, birth dates, security questions and '
'answers, and the last four digits of customers’ Social '
'Security numbers.',
'impact': {'brand_reputation_impact': 'Reputational risks due to inadequate '
'security measures',
'data_compromised': 'Usernames, encrypted passwords, birth dates, '
'security questions and answers, last four '
'digits of Social Security numbers',
'financial_loss': '$117 million settlement',
'identity_theft_risk': 'Increased risk due to partial Social '
'Security number exposure',
'legal_liabilities': 'Class action lawsuit settlement'},
'lessons_learned': 'The case reflects a growing trend of class action '
'lawsuits following data breaches, highlighting the '
'financial and reputational risks of failing to protect '
'customer data.',
'post_incident_analysis': {'root_causes': 'Inadequate security measures'},
'references': [{'source': 'Cybersecurity expert Steve Weisman (Bentley '
'University)'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit'},
'title': 'Comcast Data Breach Settlement',
'type': 'Data Breach'}