Comcast Xfinity $117.5 Million Data Breach Settlement — 30 Million Customers Affected

Comcast has agreed to a $117.5 million settlement to resolve 24 class action lawsuits stemming from a 2023 data breach that potentially impacted over 30 million Xfinity customers. The breach exploited the “Citrix Bleed” vulnerability, a critical security flaw in Citrix networking equipment that was widely exploited by hackers before many companies applied the available patch.


What Happened

In October 2023, Citrix disclosed a critical vulnerability (CVE-2023-4966, dubbed “Citrix Bleed”) in its NetScaler networking products. The vulnerability allowed attackers to bypass authentication and access protected systems. Although Citrix released a patch, many organizations — including Comcast — did not apply it quickly enough.

Attackers exploited the Citrix Bleed vulnerability to access Comcast’s internal systems between October 16 and October 19, 2023. During that window, the attackers exfiltrated customer data including names, dates of birth, Social Security numbers, and hashed passwords. Comcast disclosed the breach in December 2023 and began notifying affected customers.

Twenty-four class action lawsuits were subsequently filed against Comcast, alleging the company failed to patch the known vulnerability in a timely manner and did not adequately protect customer data. The $117.5 million settlement resolves all pending litigation.

Who Is Affected

The settlement class potentially includes over 30 million Xfinity customers whose data was compromised in the breach. If you were an Xfinity customer in October 2023 and received a breach notification from Comcast, you are likely a class member.

What You Should Do

If you received a Comcast breach notification, watch for official settlement notices with information on how to file a claim. In the meantime, ensure you have changed your Xfinity account password (and any accounts using the same password), monitor your credit reports, and consider a credit freeze if your Social Security number was exposed.


This article is for informational purposes only and does not constitute legal advice. Written by Steve Levine for OpenClassActions.org.