The Medusa ransomware group claimed responsibility for a cyberattack on **Comcast Corporation**, a global media and technology conglomerate. The group allegedly exfiltrated **834.4 GB of data**, including actuarial reports, insurance modeling scripts, claim analytics, and customer data processing files (e.g., *Esur_rerating_verification.xlsx*, *Claim Data Specifications.xlsm*, Python/SQL scripts). They demanded **$1.2 million** to either delete the data or prevent its sale/leak, publishing **167,121 file entries** and **20 screenshots** as proof. The breach risks exposing sensitive financial, customer, and operational data, potentially triggering regulatory scrutiny. Comcast has not confirmed the attack, but Medusa’s history (e.g., a **$4M ransom demand on NASCAR** in 2025, later confirmed as a breach) suggests credibility. The leaked data’s scale—spanning insurance, premium analysis, and claims—implies severe operational and reputational damage. Previous incidents (e.g., **200,000 Comcast credentials leaked in 2015**) highlight vulnerabilities in legacy data protection. If validated, the breach could disrupt Comcast’s subsidiaries (NBCUniversal, Sky, Peacock) and erode trust in its cybersecurity posture.
Source: https://hackread.com/medusa-ransomware-comcast-data-breach/
TPRM report: https://www.rankiteo.com/company/comcast
{
  "id": "com1802018092925",
  "linkid": "comcast",
  "type": "Ransomware",
  "date": "6/2015",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': ['media',
                                     'technology',
                                     'telecommunications',
                                     'entertainment'],
                        'location': 'United States (global operations)',
                        'name': 'Comcast Corporation',
                        'size': 'large (Fortune 50 company)',
                        'type': ['public company', 'conglomerate']}],
 'data_breach': {'data_exfiltration': '834.4 GB',
                 'file_types_exposed': ['XLSX (e.g., '
                                        'Esur_rerating_verification.xlsx)',
                                        'XLSM (e.g., Claim Data '
                                        'Specifications.xlsm)',
                                        'Python scripts',
                                        'SQL scripts'],
                 'personally_identifiable_information': 'potential '
                                                        '(unconfirmed)',
                 'sensitivity_of_data': 'high (potentially includes PII or '
                                        'proprietary business data)',
                 'type_of_data_compromised': ['actuarial data',
                                              'financial datasets',
                                              'insurance calculations',
                                              'customer data',
                                              'claim management data']},
 'date_publicly_disclosed': '2025-09-26',
 'description': 'The Medusa ransomware group claimed responsibility for a '
                'ransomware attack on Comcast Corporation, a global media and '
                'technology company. The group exfiltrated 834.4 GB of data, '
                'including actuarial reports, product management data, '
                'insurance modeling scripts, and claim analytics. They '
                'demanded $1.2 million for the data to be deleted or not '
                'leaked/sold. The group posted screenshots and a file listing '
                'of 167,121 entries as proof of compromise. Comcast has not '
                'publicly confirmed or denied the breach as of the report '
                'date.',
 'impact': {'brand_reputation_impact': 'potential high impact (unconfirmed)',
            'data_compromised': ['actuarial reports',
                                 'product management data',
                                 'insurance modeling scripts',
                                 'claim analytics',
                                 'customer data processing',
                                 'claim management systems'],
            'identity_theft_risk': 'potential (if customer data included)',
            'legal_liabilities': 'potential regulatory scrutiny (unconfirmed)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'potential (if ransom '
                                                    'unpaid)',
                           'high_value_targets': ['actuarial/financial '
                                                  'datasets',
                                                  'insurance modeling '
                                                  'systems']},
 'investigation_status': 'unconfirmed by Comcast; under monitoring by media '
                         '(Hackread.com)',
 'motivation': ['financial gain', 'extortion'],
 'ransomware': {'data_exfiltration': '834.4 GB',
                'ransom_demanded': '$1.2 million (for data deletion or to '
                                   'prevent leak/sale)',
                'ransomware_strain': 'Medusa'},
 'references': [{'date_accessed': '2025-09-26', 'source': 'Hackread.com'},
                {'date_accessed': '2025-09-26',
                 'source': 'Medusa Ransomware Group Dark Web Leak Site'}],
 'regulatory_compliance': {'regulatory_notifications': 'potential (if '
                                                       'sensitive data '
                                                       'confirmed)'},
 'threat_actor': 'Medusa Ransomware Group',
 'title': 'Medusa Ransomware Attack on Comcast Corporation',
 'type': ['ransomware', 'data breach', 'data exfiltration']}