Lawsuits Rolled Into One Arena
The settlement would resolve 24 lawsuits filed in federal courts across the country, all consolidated before a single judge in Philadelphia — a legal funnel narrowing years of litigation into one decisive moment.
At the center of the dispute is a data breach that occurred between Oct. 16 and Oct. 19, 2023, when hackers accessed Comcast’s internal systems.
A Missed Patch, a Wide-Open Door
Court records say the breach stemmed from a delayed software fix. Comcast had not yet applied a security patch addressing a vulnerability in Citrix Systems software — a digital lock that, once weakened, gave hackers a way inside.
Citrix had issued a warning and provided guidance in an Oct. 10 bulletin, according to filings. Plaintiffs argue Comcast failed to act quickly enough, allowing attackers to exploit the gap like burglars finding an unlocked door.
Data Potentially Exposed
The breach may have compromised a broad swath of customer information, including usernames, passwords, names, contact details, security questions and answers, and the last four digits of Social Security numbers for more than 30 million people, court documents state.
The scale of exposure transformed what might have been a routine cyber incident into a national legal firestorm.
