Telecommunications giant Comcast has agreed to pay $117.5 million to resolve a class action lawsuit alleging the company failed to protect customer data during a significant cybersecurity breach in October 2023. The settlement, pending final court approval, stems from an incident that exposed the personal information of more than 35 million customers of Comcast's Xfinity service.
The lawsuit accused Comcast of violating multiple consumer protection laws by not adequately safeguarding sensitive data and by allegedly failing to provide timely and proper notification to impacted individuals. While Comcast has denied any wrongdoing, the company opted to settle the claims rather than proceed with protracted litigation. This settlement follows a pattern of major corporations facing substantial financial penalties for data security failures, similar to a recent $135 million agreement Google reached over Android data collection allegations.
Eligibility and Claim Process
Not all Comcast customers are eligible for compensation. To qualify, an individual must have been notified by Comcast in December 2023 that their data was potentially compromised in the breach. Eligible class members should have recently received a notice, typically via email, containing a unique class member ID required to file a claim.
Claimants can seek reimbursement for documented out-of-pocket expenses directly linked to the breach. This includes costs associated with identity theft, fraud, falsified tax returns, or other misuse of their exposed information. Allowable expenses cover credit freezes, credit reports, monitoring services, and ancillary costs like notary fees, postage, and mileage incurred while addressing the breach's fallout.
Compensation for Lost Time and Alternative Payment
Beyond tangible expenses, affected customers can also claim compensation for lost time spent dealing with fraud or identity theft traceable to the incident. The settlement allows for payment of $30 per hour for up to five hours of lost time. Combined payments for expenses and lost time are capped at $10,000 per claimant.
For those without extensive documentation, an alternative flat payment of up to $50 is available, though the final amount may be reduced depending on the total number of claims filed. All eligible individuals will also have access to identity defense and restoration services as part of the settlement.
Legal Options and Critical Deadlines
Class members face several choices. They can file a claim to receive compensation, which requires submitting a form online or by mail by August 14, 2026. They can also choose to do nothing, which forfeits their right to a payment but also surrenders their ability to sue Comcast independently over this breach. Alternatively, individuals can formally exclude themselves from the class to preserve their right to pursue separate legal action, or they can object to the settlement's terms.
A final approval hearing is scheduled for July 7, 2026, where a judge will decide whether to grant final approval to the settlement. Payments will be distributed only after the court gives its final approval. The scale of this breach underscores the persistent vulnerability of consumer data, a concern amplified by incidents like the unprecedented Social Security data breach alleged during the previous administration.
In a December 2023 statement following the breach, Xfinity said it was "not aware of any customer data being leaked anywhere, nor of any attacks on our customers." The settlement represents a significant financial resolution for a breach affecting a critical infrastructure provider, highlighting the escalating costs and legal risks associated with cybersecurity failures in an era of increasing digital threats from both criminal and state-sponsored actors.
