Comcast agrees to $117.5 million settlement to resolve data breach lawsuits
The settlement agreement resolves 24 lawsuits filed following a 2023 data breach. A final approval hearing is scheduled for July.
Comcast is one step closer to settling 24 class action lawsuits over a 2023 data breach that potentially impacted over 30 million former and current customers.
A $117.5 million settlement agreement received preliminary approval from a federal judge in the Eastern District of Pennsylvania last week.
Impacted customers would be able to receive three years of financial monitoring and identity-theft-protection service and choose between reimbursement of expenses up to $10,000 or a $50 cash payment, if the current terms of the agreement gain final approval.
Comcast did not oppose the request for preliminary approval of the agreement, but noted in court records that it does not agree with the facts as told by the representatives of the customers and denies all liability.
Neither a representative for the Philadelphia-based telecommunication giant nor its attorneys responded to requests for comment.
The settlement resolves 24 lawsuits, filed in federal courts nationally and consolidated under one judge in Philadelphia.
The flurry of litigation centers on a data breach that took place between Oct. 16 and 19, 2023, when hackers gained access to Comcast’s internal system. The hack was possible because the company delayed implementing a patch to fix a vulnerability in the Citrix Systems cyber software that Comcast has relied on, court records say.
Citrix warned customers of the problem and offered a solution in an Oct. 10 bulletin, court records say. The class attorneys accuse Comcast of having failed to heed the cyber-company’s advice, allowing hackers to take advantage of the vulnerability.
The data breach made the usernames, passwords, names, contact information, privacy questions and answers, and last four digits of Social Security numbers for more than 30 million customers potentially available to hackers, according to court records.
The settlement agreement was reached following a November negotiation session after multiple attempts at mediation.
The $117.5 million would be used to compensate customers, administer the settlement process that includes notifying customers and processing claims, and pay attorneys’ fees. The class attorneys could pocket as much as one third of the total settlement amount, according to court filings, but the exact amount will be decided later.
U.S. District Judge John Milton Young has set a final approval hearing for July. Once the settlement is approved Comcast and Citrix will be released from all claims related to the data breach.
Citrix’s attorneys did not respond to a request for comment.