Comcast Data Breach Settlement: 31.6–35 Million Customers Affected
A major data breach at Comcast Cable Communications LLC exposed sensitive information of 31.6 to 35 million customers, including usernames, hashed passwords, contact details, and partial Social Security numbers. The breach, caused by a software vulnerability, occurred in October 2023 and was reported by the company in December 2023.
The incident led to a class-action lawsuit, Hasson v. Comcast Cable Communications LLC, alleging inadequate data protection. While Comcast denies wrongdoing, a settlement has been reached to resolve claims. Affected customers who received a breach notice are eligible for compensation, with two options:
- $50 cash payment for those impacted.
- Up to $150 for reimbursement of lost time (up to 3 hours at $30/hour) or documented out-of-pocket expenses tied to the breach.
Claims must be submitted by August 14, 2024, via the official settlement website or mail to Hasson v. Comcast Cable Communications LLC, c/o Kroll Settlement Administration LLC. A final hearing to approve the settlement is set for July 7, 2024, with payments expected later this year.
The case underscores the financial and reputational risks companies face due to cybersecurity failures.
COMCAST CABLE COMMUNICATIONS MANAGEMENT, LLC cybersecurity rating report: https://www.rankiteo.com/company/comcast-cable-communications-management-llc
"id": "COM1776178473",
"linkid": "comcast-cable-communications-management-llc",
"type": "Breach",
"date": "10/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '31.6–35 million',
'industry': 'Telecommunications',
'name': 'Comcast Cable Communications LLC',
'size': 'Large',
'type': 'Corporation'}],
'attack_vector': 'Software Vulnerability',
'customer_advisories': 'Breach notice sent to affected customers; claims '
'submission deadline: August 14, 2024',
'data_breach': {'data_encryption': 'Hashed passwords',
'number_of_records_exposed': '31.6–35 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Usernames',
'Hashed passwords',
'Contact details',
'Partial Social Security '
'numbers']},
'date_detected': '2023-10',
'date_publicly_disclosed': '2023-12',
'description': 'A major data breach at Comcast Cable Communications LLC '
'exposed sensitive information of 31.6 to 35 million '
'customers, including usernames, hashed passwords, contact '
'details, and partial Social Security numbers. The breach was '
'caused by a software vulnerability and led to a class-action '
'lawsuit.',
'impact': {'brand_reputation_impact': 'Reputational risks due to '
'cybersecurity failures',
'customer_complaints': 'Class-action lawsuit (Hasson v. Comcast '
'Cable Communications LLC)',
'data_compromised': 'Usernames, hashed passwords, contact details, '
'partial Social Security numbers',
'financial_loss': 'Settlement payouts (up to $150 per affected '
'customer)',
'identity_theft_risk': 'High (partial Social Security numbers '
'exposed)',
'legal_liabilities': 'Class-action settlement'},
'investigation_status': 'Settlement reached',
'lessons_learned': 'Financial and reputational risks due to cybersecurity '
'failures',
'post_incident_analysis': {'root_causes': 'Software vulnerability'},
'references': [{'source': 'Class-action settlement notice',
'url': 'https://www.comcastsettlement.com'}],
'regulatory_compliance': {'legal_actions': 'Class-action lawsuit (Hasson v. '
'Comcast Cable Communications '
'LLC)'},
'response': {'communication_strategy': 'Breach notice sent to affected '
'customers'},
'title': 'Comcast Data Breach Settlement: 31.6–35 Million Customers Affected',
'type': 'Data Breach'}