Comcast has reached a proposed $117.5 million settlement in a class-action lawsuit stemming from a cybersecurity incident in October 2023. The breach, which exposed sensitive personal information of approximately 36 million Xfinity customers, has led to widespread concerns about identity theft and data security. While Comcast denies any wrongdoing, the settlement aims to provide relief to impacted individuals through cash payments, reimbursements, and identity protection services.
The incident occurred between October 16 and 19, 2023, when hackers exploited a vulnerability in Citrix software to gain unauthorized access to Comcast’s internal systems. Affected data included usernames, passwords, names, contact information, the last four digits of Social Security numbers, dates of birth, and secret questions and answers for many customers. Comcast publicly disclosed the breach on December 18, 2023, sending notifications to those potentially impacted. The class-action lawsuit, Hasson v. Comcast Cable Communications LLC, filed in the U.S. District Court for the Eastern District of Pennsylvania, accused the company of failing to adequately safeguard customer data in line with its legal obligations under the federal Cable Act and other privacy standards.
Under the terms of the settlement, Comcast will establish a $117.5 million fund to cover various costs, including direct payments to class members, administrative expenses, attorneys’ fees, and enhanced identity defense services. Eligibility is straightforward but limited: individuals must have received a breach notification from Comcast around December 18, 2023. Not every Xfinity customer qualifies—only those whose information was confirmed as potentially compromised.
You can apply for your part of the settlement, and time is ticking HERE.
Claimants have two main options for monetary relief. The simplest is an alternative cash payment, estimated at around $50 per person with no documentation required. This amount could be adjusted pro-rata depending on the total number of claims filed, as the fund is finite. For those with verifiable damages, the settlement offers reimbursement of up to $10,000 for documented out-of-pocket losses and lost time. Covered expenses may include costs for credit monitoring, credit freezes and unfreezes, identity theft insurance, postage for related correspondence, unreimbursed fraudulent charges, or even time spent dealing with the fallout (at a rate of $30 per hour, up to five hours or $150, subject to the overall cap).
Additionally, all class members—whether they file a claim or not—can access three years of CyEx Financial Shield identity monitoring services, which include $1 million in identity theft insurance and restoration support. Enrollment codes were included with the original breach notifications, and services become available once the settlement is finalized.
Key deadlines are approaching. The claim filing period is open now, with a deadline of August 14, 2026 (some sources note a possible extension to September 14). To opt out of the settlement and preserve the right to pursue individual litigation, written requests must be submitted by June 1, 2026. Doing nothing keeps individuals in the class, barring future lawsuits on these claims but still allowing access to the identity services. Claims can be filed online at the official settlement website, www.comcastbreachsettlement.com, or by mail. A unique Class Member ID from the original notice is typically required.
Consumer advocates view this settlement as a reminder of the persistent risks in an increasingly digital world. Data breaches continue to rise, with major companies often facing scrutiny for their cybersecurity practices. For Comcast, the incident highlighted vulnerabilities in third-party software dependencies, prompting calls for stronger internal protections and faster breach notifications. Experts recommend that affected customers remain vigilant: monitor credit reports, enable two-factor authentication, and consider additional safeguards beyond the settlement’s offerings.
The settlement awaits final court approval. A preliminary approval has been granted, and a fairness hearing is scheduled. If approved, distributions could begin later in 2026. Legal analysts note that while $117.5 million sounds substantial, spread across tens of millions of potential claimants, individual recoveries may be modest unless significant documented losses are proven.
This case underscores broader industry challenges. Telecom giants like Comcast handle vast amounts of sensitive data, making them prime targets for cybercriminals. Past incidents, such as those involving other major providers, have similarly resulted in multimillion-dollar settlements, yet prevention remains elusive. For now, Xfinity customers who received the December 2023 notice should review their eligibility promptly to avoid missing out on potential compensation.
As the claims process unfolds, affected individuals are encouraged to visit the official settlement site for the most accurate, up-to-date information and to submit claims securely. In an era where personal data is currency for hackers, proactive steps like these settlements provide some recourse—but long-term data security demands ongoing vigilance from both companies and consumers alike.
Please add Cord Cutters News as a source for your Google News feed HERE. You can watch today’s top cord cutting stories on our YouTube channel HERE. Please follow us on Facebook and X for more news, tips, and reviews. Need cord cutting tech support? Join our Cord Cutting Tech Support Facebook Group for help.