Comcast $117.5M Data Breach Class Action Settlement – 31.6 Million Affected, Claim Deadline August 14, 2026
Comcast agreed to pay $117.5 million to settle class action claims over an October 2023 data breach that exposed personal information of approximately 31.6 million Xfinity customers. If you received a data breach notification from Comcast about the incident, you can file a claim by August 14, 2026 for cash compensation, reimbursement up to $10,000, or free credit monitoring.
What Is the Comcast Data Breach Settlement About?
Between October 16 and October 19, 2023, hackers exploited a vulnerability in Citrix NetScaler software used by Comcast to access sensitive customer information. The breach, known as “CitrixBleed” (CVE-2023-4966), allowed attackers to hijack authenticated sessions without valid credentials.
Comcast didn’t publicly disclose the breach until December 2023—nearly two months after discovering the intrusion. The delay triggered lawsuits from customers who claimed the company failed to implement adequate cybersecurity safeguards and waited too long to notify affected individuals.
A Pennsylvania federal judge granted preliminary approval to the settlement on January 16, 2026. The final approval hearing is scheduled for July 7, 2026. Comcast denies all wrongdoing but agreed to the massive payout to avoid prolonged litigation.
Who Is Affected by This Data Breach?
The settlement covers approximately 31,658,000 United States residents who received individual breach notifications from Comcast informing them of the October 2023 incident. If Comcast sent you an email or letter about the data breach, you’re automatically part of the settlement class.
The compromised information included usernames, hashed passwords, names, contact information, dates of birth, Social Security numbers in some cases, and other personally identifiable data. Security experts consider the breach particularly serious because Social Security numbers were exposed for many customers.
Similar to recent AT&T data breach class action settlements, this case demonstrates that telecommunications companies face significant financial consequences when customer data isn’t properly protected.
How Much Money Can You Get?
The settlement offers multiple compensation options depending on your situation and documentation. You must choose only one payment option when filing your claim.
Option 1: Out-of-Pocket Loss Reimbursement
Claim up to $10,000 for documented expenses caused by the data breach. Eligible costs include unreimbursed identity theft expenses, fraudulent charges, credit monitoring you purchased, professional fees for resolving identity theft, credit freezes or report costs, and documented time spent fixing breach-related issues.
Option 2: Lost Time Payment
Receive $30 per hour for up to five hours of time spent addressing breach-related problems. This caps at $150 total and requires attestation but not receipts.
Option 3: Alternative Cash Payment
Get an estimated $50 flat payment without providing documentation. This amount may vary based on the total number of claims filed and what remains in the settlement fund after deducting legal fees, administration costs, and service awards.
All class members also qualify for three years of free credit monitoring and identity theft insurance through Experian, regardless of which payment option they choose.
How to File Your Claim
The official settlement website will go live soon according to court documents. Check ClassAction.org for updates, as they typically post direct links once claim portals open.
You’ll need your settlement notice ID number from the letter or email Comcast sent about the data breach. If you can’t locate your notice, the settlement administrator can help verify your eligibility using your Comcast account information.
For documented loss claims exceeding $100, you must provide third-party proof such as receipts, bank statements showing fraudulent charges, invoices for credit monitoring services, or professional service bills from attorneys or accountants who helped resolve identity theft.
Submit claims online through the official portal or mail completed forms to the settlement administrator. The deadline is August 14, 2026—claims received or postmarked after this date won’t be processed.
Settlement Timeline and Important Dates
The court granted preliminary approval on January 16, 2026, allowing the settlement to move forward. Comcast must now notify all affected customers through email, mail, or publication.
August 14, 2026 is the deadline to submit claims, opt out of the settlement, or file objections with the court. If you disagree with the settlement terms, you can object in writing explaining your concerns.
The final approval hearing is scheduled for July 7, 2026. The judge will decide whether to grant final approval and award attorneys’ fees. If approved and no appeals are filed, payments typically begin 60 to 90 days later—likely October or November 2026.
Common Mistakes to Avoid
Many consumers throw away breach notification letters without reading them. If you got a notice from Comcast about this data breach, save it. You’ll need the ID number to file your claim.
Don’t wait until the last minute to gather documentation. If you’re claiming reimbursement for expenses, start collecting receipts, bank statements, and proof of costs now. The settlement administrator requires specific documentation for claims over $100.
Some people assume they can’t claim anything because they didn’t experience identity theft. Wrong. You can still choose the alternative cash payment option or lost time reimbursement even if you have no out-of-pocket losses.
Missing the August 14, 2026 deadline forfeits your right to compensation. Set a calendar reminder for at least two weeks before the deadline to ensure you don’t miss out.
2026 Settlement Updates
As of February 2026, the settlement remains in preliminary approval status pending the July 7 hearing. Comcast continues denying liability while maintaining it settled to avoid litigation costs.
The settlement represents one of the largest telecommunications data breach settlements in recent years. For comparison, AT&T’s 2024 data breach settlement totaled $177 million for 73 million affected customers—making Comcast’s $117.5 million for 31.6 million customers proportionally similar.
The CitrixBleed vulnerability affected numerous companies beyond Comcast, raising questions about third-party software security. Similar breaches highlight how companies’ cybersecurity often depends on vendors implementing timely patches.
Are You Eligible to File a Claim?
You qualify if Comcast sent you a data breach notification letter or email about the October 2023 incident. The notice would have explained that your personal information may have been compromised in a cybersecurity attack.
Check your email and mail from December 2023 through early 2024 for communications from Comcast titled something like “Important Notice About Your Information” or “Data Security Incident Notification.”
If you’re unsure whether you’re in the settlement class, contact the settlement administrator once the claims portal launches. They can verify your eligibility using your Comcast account number or contact information.
Former Comcast customers who had accounts during October 2023 also qualify if they received breach notifications, even if they’ve since canceled service.
When Legal Advice May Help
Most class members can file claims without legal representation. The settlement provides straightforward options and the claim process is designed for consumers to handle themselves.
However, if you suffered substantial damages exceeding $10,000—like major identity theft requiring extensive professional help to resolve—consult a consumer protection attorney before filing. You have the right to opt out of the settlement by August 14, 2026 and pursue an individual lawsuit.
Attorneys who handle data breach cases typically work on contingency, meaning you don’t pay unless they recover compensation for you. This makes sense only if your documented losses significantly exceed the settlement cap.
For most consumers, participating in the class action settlement is the simplest and most cost-effective option. Similar to other consumer data breach settlements like nelnet, filing a claim takes minimal time and doesn’t require legal representation.
Where to Find Official Information
Monitor ClassAction.org for the official settlement website link once it launches. They maintain comprehensive databases of active class action settlements and post claim form links as soon as they’re available.
For questions about your Comcast account or whether you were affected, contact Comcast customer service. For settlement-specific questions about claim forms, payment options, or deadlines, wait for the settlement administrator contact information to be published.
Court documents are publicly available through PACER (Public Access to Court Electronic Records) for the Eastern District of Pennsylvania, though accessing them requires registration and fees.
Stay alert for scam emails claiming to be from the settlement administrator. Legitimate settlement communications will never ask for credit card information or request upfront payments to process your claim.
FAQs
What is the Comcast data breach settlement about?
Comcast agreed to pay $117.5 million to settle claims it failed to protect customer information during an October 2023 cyberattack exploiting the CitrixBleed vulnerability. Approximately 31.6 million customers received breach notifications and qualify for compensation.
How much is the Comcast settlement worth?
The total settlement fund is $117.5 million. Individual payments range from an estimated $50 cash payment without documentation to up to $10,000 for documented losses, plus three years of free credit monitoring for all class members.
Which Comcast customers are affected?
All United States residents who received individual breach notifications from Comcast about the October 2023 data security incident affecting Xfinity customers. Check your December 2023-early 2024 emails and mail for notices.
Am I eligible to file a claim?
Yes, if Comcast sent you a data breach notification letter or email about the October 2023 incident. You don’t need to prove identity theft or financial harm—just that your data was exposed.
What is the claim deadline?
Claims must be submitted by August 14, 2026. The official settlement website will launch soon with claim forms and detailed instructions.
What documentation do I need?
For the $50 alternative cash payment or lost time reimbursement up to $150, no receipts are required. For documented loss claims over $100, you need third-party proof like receipts, bank statements, or invoices.
When will I receive payment?
If the court grants final approval on July 7, 2026, and no appeals are filed, payments typically distribute 60-90 days later—likely October or November 2026.
Last Updated: February 11, 2026
Disclaimer: This article provides general information about the Comcast data breach class action settlement and is not legal advice. For questions specific to your situation, contact the settlement administrator or consult a qualified attorney.
What to Do Next: Save your breach notification letter from Comcast. When the claims portal opens, file immediately—don’t wait until August 2026.
Stay informed, stay protected. — AllAboutLawyer.com
About the Author
Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah