The Comcast data breach settlement covers approximately 35 to 36 million Xfinity customers whose personal information was compromised during a cybersecurity incident in October 2023. Under a $117.5 million settlement agreement reached in January 2026, affected customers are entitled to automatic identity protection services and can claim compensation ranging from approximately $50 in pro-rata payments to up to $10,000 for documented losses directly caused by the breach. If you received a Comcast breach notification letter in December 2023 about the October 2023 incident, you are likely eligible to benefit from this settlement.
This settlement represents one of the largest data breach payouts in recent years and was reached without Comcast admitting wrongdoing. The settlement was structured to provide both immediate protections and financial compensation for the millions of customers affected, with a final approval hearing scheduled for August 5, 2026, at the James A. Byrne U.S. Courthouse in Philadelphia.
Table of Contents
- What Was Compromised in the Comcast Xfinity Data Breach?
- Understanding the $117.5 Million Settlement and What It Provides
- Who Is Eligible for the Comcast Breach Settlement?
- How to File Your Claim and Meet the August 14, 2026 Deadline
- Important Limitations and What This Settlement Does Not Cover
- Comparing the Comcast Settlement to Other Major Data Breaches
- What Happens Next: Final Approval and Settlement Distribution
- Conclusion
What Was Compromised in the Comcast Xfinity Data Breach?
The Comcast data breach occurred over three days, October 16 through October 19, 2023, but wasn’t discovered until October 25, 2023, during a routine cybersecurity exercise. The breach exposed personal information for approximately 35 to 36 million Xfinity customers—a figure that represents roughly one-third of all Comcast’s customer base. The vulnerability, identified as CVE-2023-4966 (commonly known as CitrixBleed), existed in Citrix NetScaler appliances that Comcast used as part of its network infrastructure.
The compromised data included usernames, hashed passwords, names, contact information, the last four digits of Social Security numbers, dates of birth, and security questions and answers for some customers. While full Social Security numbers and payment card information were not exposed in the breach, the combination of these details was sufficient to enable identity theft and other fraudulent activities. For example, a criminal with access to your username, hashed password, name, contact information, and DOB could potentially use that information to impersonate you in phone calls to financial institutions or to attempt unauthorized password resets on other accounts.
Understanding the $117.5 Million Settlement and What It Provides
The $117.5 million settlement was tentatively approved in January 2026 and represents Comcast’s agreement to compensate affected customers while denying any wrongdoing in the matter. The settlement is administered by Kroll Settlement Administration LLC and provides three distinct forms of compensation to eligible class members. First, all affected customers automatically receive identity protection services at no cost—this is not optional and requires no claim to be filed, making it the most accessible benefit under the settlement. The second compensation tier is a pro-rata cash payment of approximately $50 per eligible claim member. This baseline payment is designed to be simple and require minimal documentation—eligible customers who file a claim can expect to receive this amount as long as they meet the basic eligibility criteria of having received a breach notification notice.
The third and final tier offers significantly larger compensation for customers who can document actual financial losses or time spent addressing the breach. Eligible members can claim up to $10,000 for documented losses (such as fraudulent charges, credit monitoring services purchased, or identity theft resolution costs) and up to $150 in compensation for time spent dealing with the breach (such as time spent monitoring accounts, placing fraud alerts, or communicating with financial institutions). One important limitation of this settlement is that claiming the larger compensation amounts requires substantial documentation and proof of loss. Customers seeking the $10,000 for documented losses will need to submit receipts, credit reports, bank statements, or other evidence proving the losses were directly caused by the breach. Without this documentation, claims will be denied, leaving customers with only the baseline $50 payment.
Who Is Eligible for the Comcast Breach Settlement?
Eligibility for the Comcast settlement is straightforward: you must be a U.S. resident who received a Comcast breach notification notice in December 2023 regarding the October 2023 data breach. This means that if Comcast sent you a letter, email, or notification in December 2023 specifically mentioning the October 16-19 breach caused by the CitrixBleed vulnerability, you are almost certainly eligible to participate in this settlement. The notification requirement is important because it means Comcast has already identified you as affected, and you should have documentation proving your eligibility.
It’s worth noting that the eligibility is not limited to active Comcast customers at the time of the breach. Some settlement class members may have been former customers who were on Comcast’s systems when the breach occurred. If you received a breach notification letter, that letter is your proof of eligibility and should be retained with your claim filing materials. For example, if you were a Comcast customer in October 2023 but canceled your service in November 2023, you would still be eligible for settlement benefits if you received the December 2023 breach notification.
How to File Your Claim and Meet the August 14, 2026 Deadline
The claims deadline for the Comcast settlement is August 14, 2026, which is a hard deadline that cannot be extended. To file a claim, eligible customers must submit claim forms to Kroll Settlement Administration LLC before this date. The exact process for filing claims, including whether claims can be filed online, by mail, or through other methods, will be detailed in official settlement notices and on the settlement administrator’s website. It is critical that you file before August 14, 2026, because claims filed after the deadline will be rejected regardless of eligibility. When filing your claim, you will need to provide basic information to verify your eligibility (such as your name, address, and Comcast account details) and indicate which compensation tier you are claiming.
If you are only claiming the baseline $50 pro-rata payment, this process is relatively simple and requires minimal documentation. However, if you are claiming the larger compensation amounts for documented losses or time spent on the breach, you will need to gather and submit supporting documentation such as receipts, invoices, credit reports, bank statements showing fraudulent charges, or detailed records of time spent addressing the breach. A key distinction in the filing process is that the baseline $50 payment is paid on a pro-rata basis, meaning the total $117.5 million settlement pool is divided equally among all claimants who submit valid claims. This is different from a “first come, first served” scenario—every eligible person who files before the deadline receives the same baseline amount. However, the documented loss and time compensation claims are evaluated individually based on the evidence each person provides.
Important Limitations and What This Settlement Does Not Cover
While the Comcast settlement provides substantial benefits, there are important limitations to understand. The settlement does not require Comcast to admit wrongdoing, which means the company was not found liable for negligence or other legal violations—this is a negotiated settlement designed to resolve disputes and provide compensation without a court finding that Comcast was at fault. This distinction may be important if you believe you have grounds for a separate legal claim against Comcast. Another significant limitation is that the automatic identity protection services, while valuable, are time-limited and specific in scope.
These services are typically provided for a set period (often 1-3 years) and cover credit monitoring and identity theft recovery assistance, but they may not cover all identity protection needs. For example, if you prefer to use a specific identity protection service provider that you already trust, the settlement-provided services may not be compatible with your existing security tools. Additionally, the maximum payout of $10,000 for documented losses may be insufficient for customers who experienced extensive fraud or identity theft as a result of the breach. If you suffered losses exceeding $10,000, this settlement only covers up to that limit, and you would need to pursue additional remedies separately.
Comparing the Comcast Settlement to Other Major Data Breaches
The Comcast settlement’s $117.5 million payout for 35-36 million affected customers translates to roughly $3.27 per person before accounting for the administrative costs and attorney fees (which typically reduce the actual fund available). For context, this is significantly less than some other major data breach settlements but comparable to others in scale. The 2018 Equifax breach settlement, which affected 147 million people, provided up to $125 for direct losses and free credit monitoring for seven years—a more generous payout structure, but the Equifax settlement was also much larger and was reached after years of litigation and regulatory pressure.
The distinguishing feature of the Comcast settlement is the tiered payout structure that allows customers to claim up to $10,000 for documented losses. Many data breach settlements cap individual payouts at $500 to $2,500, making Comcast’s $10,000 maximum a comparatively generous provision for affected customers who can document actual losses. However, this high maximum also means it’s critical that eligible customers file their claims with detailed documentation to access these larger payouts, rather than settling for the $50 baseline payment.
What Happens Next: Final Approval and Settlement Distribution
The next major milestone in the Comcast settlement process is the final approval hearing scheduled for August 5, 2026, at the James A. Byrne U.S. Courthouse in Philadelphia. During this hearing, the federal judge will review the settlement agreement to ensure it is fair, reasonable, and adequate to the affected class members.
Final approval hearings are typically brief formalities if no significant objections have been filed, but they are still an important part of the legal process that must occur before settlement funds can be distributed. After final approval is granted, Kroll Settlement Administration LLC will process all valid claims received by the August 14, 2026 deadline. The timeline for actual payment distribution depends on the complexity of the claims processing, but customers can generally expect to receive their payouts within several weeks to several months after the deadline has passed. Updates on the settlement’s progress and the final approval hearing can be tracked through the settlement administrator’s website and through official notices sent to eligible class members.
Conclusion
The Comcast data breach settlement provides meaningful compensation and protections for the 35 to 36 million Xfinity customers affected by the October 2023 cybersecurity incident. With a $117.5 million settlement fund, eligible customers receive automatic identity protection services, a baseline payment of approximately $50, and the opportunity to claim up to $10,000 for documented losses or $150 for time spent addressing the breach. To benefit from this settlement, eligible customers must file their claims with Kroll Settlement Administration LLC before the August 14, 2026 deadline.
If you received a Comcast breach notification letter in December 2023, take action now to file your claim before the deadline expires. Even if you only claim the baseline $50 payment, doing so is straightforward and protects your right to settlement benefits. For customers who experienced documented losses or spent significant time addressing the breach, gather your supporting documentation and submit a more comprehensive claim to access the higher compensation tiers available under this settlement.
You Might Also Like
- Cadence Bank MOVEit Data Breach Settlement Offers Payments for Exposed Customer Data
- Sprouts Farmers Market Receipt Settlement Claims Customers Received Noncompliant Card Receipts
- University of Michigan Anderson Abuse Settlement
Open Settlements You Can Claim Now
Browse current class action settlements accepting claims — several require no proof of purchase: