Comcast Xfinity Data Breach Settlement 2026: $117.5 Million — What Subscribers Can Claim
Comcast agreed to pay $117.5 million over the October 2023 Xfinity breach that exposed names, Social Security numbers, and security questions of tens of millions of customers. Claim an estimated $50 flat payment or up to $10,000 in documented losses by September 14, 2026.
Last reviewed: April 2026
Editorially Reviewed — Content reviewed for accuracy using published legal research, government data, and verified court records. See our methodology
Reviewed by Leonard Goldberg, Editor · Last updated
What the Lawsuit Alleges
In October 2023, attackers exploited a vulnerability in Citrix networking software ('Citrix Bleed') to access Comcast's Xfinity systems before the patch was applied. Exposed data included usernames, hashed passwords, and for many customers names, contact information, dates of birth, the last four digits of Social Security numbers, and secret security questions and answers. The class action (Hasson v. Comcast) alleged Comcast waited too long to patch a publicly disclosed vulnerability and failed to protect subscriber data. Comcast denies wrongdoing but agreed to one of the largest data-breach settlements on record: $117.5 million.
Case Details
U.S. District Court for the Eastern District of Pennsylvania — Case No. 2:23-cv-05039-JMY. Official administrator site: comcastbreachsettlement.com.
Current Status
Who Is Affected & Can You Join?
Xfinity customers whose personal information was compromised in the October 2023 incident — Comcast notified affected account holders, and the administrator validates claims against breach records. If you had an Xfinity account (internet, TV, or mobile) in fall 2023 and received a breach notice or believe your data was involved, check the official site.
Is There a Payout?
Case Timeline
- 1
October 2023 — Citrix Bleed Exploited
Attackers use the publicly disclosed Citrix vulnerability to access Xfinity systems between roughly October 16 and 19, before Comcast completes patching.
- 2
December 2023 — Disclosure
Comcast discloses the breach in regulatory filings and begins notifying customers; class actions follow within days and consolidate in the Eastern District of Pennsylvania.
- 3
2026 — $117.5M Settlement
After two years of litigation, Comcast agrees to a $117.5 million settlement fund plus three years of monitoring for the class.
- 4
September 14, 2026 — Claim Deadline
Last day to file online or by mail at comcastbreachsettlement.com. (Ignore early press reports of August 14 — the official deadline is September 14.)
- 5
Late 2026 / 2027 — Payments
Distribution follows final approval and any appeal period; the administrator announces payment timing on the official site.
Scam & Misinformation Warnings
Whenever a brand lawsuit goes viral, scam sites and bad actors follow. Watch for these red flags:
Fake Xfinity 'breach compensation' calls
Comcast will not call asking for your Social Security number or a fee to 'release' settlement money. File only at comcastbreachsettlement.com.
Password-reset phishing waves
Because the breach exposed security questions, phishing that impersonates Xfinity password resets remains common. Go to xfinity.com directly — never through email links — and enable 2FA.
Paid claim-filing services
The claim form is free and short. Services charging 25–40% of your payment to file it add nothing.
Frequently Asked Questions
How much is the Xfinity settlement payout?
The no-documentation alternative cash payment is estimated at $50 (pro rata — final amount depends on claim volume). Documented out-of-pocket losses and lost time can be reimbursed up to $10,000 combined. Everyone valid also gets three years of credit + dark-web monitoring with $1M identity-theft insurance.
When is the claim deadline?
September 14, 2026. Some early press coverage said August 14 — that's wrong; the official administrator site confirms September 14, 2026.
Am I eligible?
If your personal information was compromised in Comcast's October 2023 Xfinity breach. Affected customers were notified, and the administrator validates against breach records — current and former Xfinity subscribers from fall 2023 should check the official site.
What was exposed?
Usernames and hashed passwords for ~36 million accounts per Comcast's disclosure; for many customers also names, contact details, dates of birth, last four SSN digits, and security questions/answers — the last being particularly dangerous for account-takeover attacks.
When will payments arrive?
After final approval and any appeals. With a September 2026 claim deadline, realistic distribution is 2027. The administrator posts timing updates on comcastbreachsettlement.com.
Should I take the $50 or document my losses?
If you spent real money or significant time dealing with fraud traceable to this breach — new-account fraud, credit freezes, disputed charges — the documented path pays up to $10,000 and is worth the paperwork. If not, the $50 flat claim takes five minutes.
Related Consumer Brand Lawsuits
Google Assistant Settlement
Google Assistant Settlement 2026 — $68M Privacy Payout
Disney Streaming Settlement
Disney $50M Streaming Settlement — YouTube TV, DirecTV
LabCorp Data Breach Settlement
LabCorp Data Breach Settlement 2026 — File by Sept 3
ZOLL Data Breach Settlement
ZOLL Data Breach Settlement 2026 — Heart Device Data