Subscribe To Our Newsletter
If you were one of the millions of Comcast Xfinity customers who had your personal data exposed to cybercriminals in late 2023, you may be eligible to claim a cash payout. Comcast Cable Communications LLC has agreed to establish a massive $117.5 million settlement fund to resolve a consolidated class action lawsuit.
If you were one of the millions of Comcast Xfinity customers who had your personal data exposed to cybercriminals in late 2023, you may be eligible to claim a cash payout. Comcast Cable Communications LLC has agreed to establish a massive $117.5 million settlement fund to resolve a consolidated class action lawsuit. The legal action alleges that the telecommunications giant failed to implement proper, reasonable cybersecurity measures to safeguard your sensitive information from a preventable cyberattack.
The legal battle stems from a major security incident that occurred between October 16 and October 19, 2023, on Comcast’s Xfinity systems. According to court filings, the breach occurred due to a vulnerability in a third-party software product provided by cloud computing company Citrix. The specific software flaw, known informally in cybersecurity circles as “Citrix Bleed,” allowed unauthorized external actors to bypass standard authentication protocols and hijack active user sessions.
The lawsuit, Hasson v. Comcast Cable Communications LLC (Case No. 2:23-cv-05039-JMY) in the U.S. District Court for the Eastern District of Pennsylvania, alleges that Citrix publicly disclosed the software vulnerability on October 10, 2023, urging its clients to patch the flaw immediately. However, the plaintiffs argue that Comcast failed to secure its systems in a timely manner. By the time the communication giant applied the necessary security patch, hackers had already been inside Comcast’s private networks for several days, pulling down data on millions of customers.
When cybercriminals gain access to a major telecom provider’s database, the records they steal represent a goldmine for identity thieves. In this specific incident, Comcast determined that the cyberattack impacted approximately 31.6 million current and former customers across the United States and its territories.
According to the legal complaint, the compromised customer information included:
Customer names and contact information
Usernames and hashed passwords
Dates of birth
The last four digits of Social Security numbers
Secret security questions and answers used to reset accounts
Having your security questions compromised—such as your mother’s maiden name, your first pet, or the street you grew up on—is a long-term nightmare. Because many people reuse these same security prompts across multiple online banking, retail, and medical portals, the theft of this data exposes consumers to a cascading risk of identity fraud far beyond their Xfinity account.
Under federal and state consumer protection laws, companies that collect and store vast amounts of consumer data have a strict legal duty to safeguard it. The class action lawsuit alleges that Comcast violated these standards by failing to maintain adequate data security protocols, leaving its digital doors unlocked despite clear industry warnings.
Plaintiffs argue that Comcast should have patched the “Citrix Bleed” software vulnerability immediately upon its public disclosure. By delaying the system update, Comcast allegedly allowed a known security vulnerability to remain active, which led directly to the theft of millions of private files.
While Comcast denies all allegations of wrongdoing and maintains that it responded to the incident appropriately, the company chose to settle the litigation for $117.5 million to resolve the consumer claims and avoid the high costs of a prolonged legal fight.
If the Xfinity data breach has caused you direct financial harm or identity theft, the settlement provides a mechanism to help make you whole. Under the terms of the agreement, you may be eligible to submit a claim for Cash Payment A, which offers up to $10,000 in reimbursement for documented out-of-pocket losses.
To claim this benefit, you must provide supporting documentation—such as bank statements, receipts, credit card bills, or reports filed with the Federal Trade Commission (FTC)—proving you suffered financial harm on or after October 16, 2023, as a result of the breach.
Reimbursable expenses under this category include:
Unreimbursed fraud charges or bank fees
The cost of purchasing credit reports, credit monitoring, or identity theft insurance
Fees paid to freeze or unfreeze your credit files
Professional expenses incurred while resolving falsified tax returns or identity theft
The settlement recognizes that recovering from a massive data breach requires a significant investment of personal time. Even if you did not lose money directly to fraud, you likely spent hours changing online passwords, monitoring your bank statements, freezing your credit, or talking to customer support.
To compensate you for this hassle, the settlement allows class members to file a claim for up to five hours of lost time, calculated at a flat rate of $30 per hour, for a maximum payout of $150.
You can claim this lost-time reimbursement alongside your documented out-of-pocket losses, provided the total combined amount of your claim does not exceed the overall $10,000 cap. When filling out your claim form, you will need to describe the specific activities you undertook and the time you spent attempting to remedy the fallout of the cyberattack.
If you were affected by the Comcast data breach but do not want to go through the process of compiling receipts or documenting lost hours, you still have options. The settlement includes an alternative flat cash payment option, sometimes referred to as Cash Payment B.
Under this option, you can submit a claim to receive a one-time pro rata cash payment of approximately $50, with absolutely no proof of loss required.
This alternative cash payout is designed to ensure that every affected customer can receive a meaningful recovery for the violation of their privacy. Keep in mind that the final amount of this flat payment may be adjusted upward or downward from the $50 estimate based on the total number of valid claims submitted by other class members before the filing deadline.
In addition to the cash benefits, the settlement agreement provides all class members with free credit monitoring and identity protection services. This benefit is designed to help you shield your personal identity from future abuse as the stolen data continues to circulate on the dark web.
Every eligible class member can enroll in two years of Identity Defense and Restoration Services provided by CyEx. This protection package includes:
One-bureau credit monitoring
Dark web surveillance and scanning
Real-time identity threat alerts
Access to professional fraud resolution agents to help repair your credit if your identity is stolen
To activate this service, you must use the unique enrollment code provided on your official settlement notice, which was sent to affected customers via email or physical postcard.
You do not need to guess whether you are included in this legal action. The Comcast class action settlement covers approximately 31.6 million individuals residing in the United States and its territories who were sent an individual notice from Comcast or Xfinity informing them that their personal information may have been compromised in the October 2023 breach.
You may be eligible to file a claim if:
You were an Xfinity customer during or prior to October 2023.
You received a data breach notification email or letter from Comcast on or around December 18, 2023.
You received an email or postcard notice from the settlement administrator, Kroll Settlement Administration LLC, containing a unique Class Member ID.
If you received these notices, your legal rights are directly affected by this settlement, and you must take action to claim your benefits.
The official, court-approved website for the settlement is now live at ComcastBreachSettlement.com. If you want to claim your cash payout or sign up for the free identity protection services, you must submit a valid claim form before the upcoming deadline.
To secure your settlement benefits, follow these steps:
Go to ComcastBreachSettlement.com and click on the “File a Claim” link.
Enter the unique Class Member ID found on your physical postcard or email notice. (If you cannot find your ID, you can use the lookup tool on the website or contact the administrator).
Select your preferred compensation option: either documented out-of-pocket losses (up to $10,000) and lost time, or the alternative $50 flat cash payment.
If claiming documented losses, upload your receipts, bank statements, or other proof.
Provide your payment preference, including options for a physical paper check or electronic payment.
Submit your claim online, or print a paper claim form and mail it postmarked before the deadline.
All claim forms must be submitted online or postmarked by mail no later than August 14, 2026.
If you are a member of the settlement class, you have several choices, but you must act within the strict timelines established by the court. If you do nothing, you will not receive any cash payments or free credit monitoring, and you will give up your legal right to sue Comcast for this breach in the future.
Please note the following critical deadlines:
June 1, 2026 — Exclusion (Opt-Out) Deadline: This was the last day to submit a request to exclude yourself from the settlement class if you wished to preserve your right to file an individual lawsuit against Comcast.
June 1, 2026 — Objection Deadline: This was the deadline to file a written objection with the court if you disagreed with the terms of the settlement, the amount of the fund, or the attorneys’ fees.
August 14, 2026 — Claim Filing Deadline: This is the absolute final day to submit your online or paper Claim Form to receive your cash payout or credit monitoring.
The court’s final approval hearing was scheduled for July 7, 2026, where the judge reviewed the fairness of the $117.5 million agreement. Distribution of cash benefits and credit monitoring codes will begin once the court grants final approval and any subsequent legal appeals are resolved.
New cases and investigations, settlement deadlines, and news straight to your inbox.