A 2023 data breach exposed usernames, hashed passwords, and in some cases the last four digits of Social Security numbers, contact info and security answers.
Comcast has agreed to pay $117.5 million to settle a class action lawsuit stemming from a 2023 cyberattack that exposed the personal information of tens of millions of Xfinity customers. The proposed settlement, which is pending approval in the U.S. District Court for the Eastern District of Pennsylvania, aims to resolve allegations that the company failed to adequately safeguard customer data.
The breach occurred between October 16 and October 19, 2023, when hackers exploited a vulnerability in Citrix software. Comcast disclosed the incident in December 2023, revealing that approximately 35.8 million customers were affected, making it one of the largest data breaches in the company’s history. The compromised data included usernames, hashed passwords, and, in some cases, the last four digits of Social Security numbers, contact details, and answers to security questions.
Despite agreeing to the settlement, Comcast has denied any wrongdoing or violation of the law. The agreement is intended to avoid prolonged litigation while providing affected customers with financial compensation and identity protection services.
Under the terms of the settlement, customers who received a breach notification from Comcast are automatically included in the settlement class. Eligible individuals can file claims for reimbursement of documented out-of-pocket losses related to the breach, such as expenses for identity theft recovery, credit monitoring, or credit freezes incurred after October 16, 2023. These claims are capped at $10,000 per person.
In addition, customers may claim compensation for time spent addressing fraud or implementing preventative measures, with reimbursement available for up to five hours at a rate of $30 per hour. Those who do not have documented losses can opt for an alternative cash payment of approximately $50, although the final amount may vary depending on the total number of claims submitted.
All settlement class members will also be eligible to enroll in three years of identity protection services. These services include credit monitoring, dark web monitoring, up to $1 million in identity theft insurance, and access to fraud resolution specialists.
Customers must submit their claims by August 14, either online through the official settlement website or by mail via the settlement administrator, Kroll Settlement Administration LLC. To file a claim, individuals will need a unique Class Member ID, which was provided in the breach notification or can be retrieved online.
A final approval hearing for the settlement is scheduled for July 7. Customers who choose not to file a claim will remain part of the settlement class and forfeit their right to pursue separate legal action related to the breach. However, they will still be eligible to enroll in the identity protection services once the settlement receives final approval.
The case underscores the growing legal and financial consequences companies face following large-scale data breaches, particularly as cyberattacks increasingly target third-party software vulnerabilities and expose sensitive consumer information.

