Comcast settles for $117.5M

Comcast customers affected by a 2023 Xfinity data breach can now file claims in a $117.5 million class-action settlement. (comcastbreachsettlement.com) The case stems from a cyberattack Comcast disclosed on December 18, 2023, saying attackers accessed customer data between October 16 and October 19, 2023. Comcast said the stolen information included usernames, passwords, names, contact details, dates of birth and the last four digits of Social Security numbers. (cnet.com) The settlement website says the lawsuit is Hasson v. Comcast Cable Communications, LLC in the United States District Court for the Eastern District of Pennsylvania. Plaintiffs alleged Comcast failed to protect personal information and gave inadequate notice; Comcast denies wrongdoing and liability. (comcastbreachsettlement.com) Customers who qualify can seek a flat cash payment or reimbursement for documented losses, depending on what they submit. The claim form allows requests for up to $10,000 in out-of-pocket losses and lost time tied to the breach. (forms.ksacms.com) The settlement also includes three years of identity defense and restoration services for class members. The claim form says those services include one-bureau credit monitoring, dark web monitoring and up to $1 million in identity theft insurance. (forms.ksacms.com) The deadline to file a claim, opt out, or object is August 14, 2026, according to the settlement frequently asked questions. CNET reported the court’s final approval hearing is scheduled for July 7, 2026, and payments would come only after final approval. (comcastbreachsettlement.com) (cnet.com) Comcast tied the original breach to a wider attack on systems using Citrix software, after Citrix disclosed a vulnerability in October 2023 that hackers had been exploiting. Comcast said in 2023 that it patched and mitigated the flaw, then later found attackers had still downloaded data from internal systems. (cnet.com) The settlement documents list Comcast, Comcast Corporation, Citrix Systems Inc. and Cloud Software Group Inc. as defendants. The website says the parties agreed to settle to avoid the cost and risk of trial rather than wait for a court ruling on the merits. (comcastbreachsettlement.com) For affected customers, the next step is simple but time-sensitive: file by August 14, 2026, or the cash portion is gone. For Comcast, the case keeps a 2023 breach on the books into 2026, with court review still ahead. (comcastbreachsettlement.com)