Comcast Settles 2023 Xfinity Data Breach for $117.5 Million, Offers Up to $10K Payouts

Comcast agrees to $117.5M settlement for Oct 2023 Xfinity data breach; eligible customers may receive up to $10K payouts.

Peter Olaleru/3 min/US

Cybersecurity Editor

Comcast will pay $117.5 million to settle a class‑action lawsuit stemming from an October 2023 cyberattack on Xfinity systems. Affected customers may receive up to $10,000 for proven out‑of‑pocket expenses or lost time.

Context

The breach was discovered in October 2023 and disclosed to customers in December 2023. Comcast notified users that attackers accessed usernames, passwords, contact information, dates of birth, and the last four digits of Social Security numbers. The company has denied wrongdoing but agreed to the settlement to avoid prolonged litigation.

Key Facts

- Settlement amount: $117.5 million.
- Maximum individual payout: $10,000 for documented expenses or lost time.
- Alternative cash option: $50 for those who skip the documentation process.
- Claim filing deadline: August 14, 2025.
- Final approval hearing scheduled for July 7, 2025.

What It Means

The settlement highlights the financial and reputational costs of inadequate data protection. It signals to other firms that failing to secure personal information can trigger large class‑action payouts and regulatory scrutiny. For consumers, the case reinforces the importance of monitoring accounts for unauthorized use after a breach notice.

Mitigations

Security teams should enforce multi‑factor authentication on all customer‑facing portals, monitor for credential‑stuffing attempts using tools aligned with MITRE ATT&CK T1110, and enforce password‑reset policies after any suspected credential exposure. Regularly review access logs for anomalous internal system use (T1078) and apply patches for known vulnerabilities in web applications and APIs as soon as they are released (CVE‑2023‑XXXX patterns). Implementing real‑time alerts for unusual data exfiltration (T1041) can help detect breaches earlier.

Watch for the August 14 claim deadline and any further regulatory actions that may arise from the settlement.