Comcast is facing a class action lawsuit following a massive data breach that exposed personally identifying information of about 36 million Xfinity customers.
On December 19, Plaintiff Kenneth Hasson filed the suit in Pennsylvania for Comcast’s “failure to properly secure and safeguard highly valuable, protected, personally identifiable information.”
According to the suit, Hasson and others impacted by the breach are now at a higher risk of “fraud, identity theft, and other harms” and those risks “may last of the rest of their lives.” In addition, those impacted by the breach “must devote substantially more time, money, and energy to protect themselves.”
In the complaint, Hasson said he’s had to spend more time monitoring various accounts for detection and prevention that he otherwise wouldn’t have to if the breach hadn’t happened.
Earlier this month, Comcast notified customers of a massive data breach that exposed customer data. The breach likely included sensitive information like hashed passwords, contact details, the last four digits of social security numbers, and birth dates.
“On October 10, 2023, one of Xfinity’s software providers, Citrix, announced a vulnerability in one of its products used by Xfinity and thousands of other companies worldwide,” Comcast said in a statement at the time.
The cable provider said Citrix released a patch to fix the vulnerability and issued additional migration guidance on October 23. Comcast said it “promptly” patched and mitigated its system, but subsequently discovered that there was “unauthorized access” to some of its internal systems between October 16 and October 19 — prior to the mitigation due to the vulnerability.
“We notified federal law enforcement and conducted an investigation into the nature and scope of the incident. On November 16, 2023, it was determined that information was likely acquired,” Comcast said at the time.
Comcast declined to comment further.
Were you impacted by Comcast’s data breach? Let us know in the comments.