Direct answer
Comcast 117.5 million data breach settlement Xfinity support data proof: what CRM buyers should take from it
The official Comcast/Xfinity settlement site says a proposed $117.5 million settlement covers claims tied to an October 2023 cybersecurity incident, with a September 14, 2026 claim deadline and an August 5, 2026 final approval hearing. AP previously reported that the breach affected nearly 35.9 million people based on a Maine attorney general filing. Support-ops buyers should treat the settlement as a proof trigger: know which customer data enters support systems, who can access it, how breach notices are handled, and what evidence can be exported if customers need help.
Published 7/16/2026. News event: 7/15/2026.
What happened
- The official settlement site identifies Hasson v. Comcast Cable Communications, LLC in the U.S. District Court for the Eastern District of Pennsylvania.
- The site says the proposed settlement relates to an October 2023 cybersecurity incident and states that Comcast denies wrongdoing.
- The proposed settlement fund is $117.5 million, with a claim deadline of September 14, 2026.
- The final approval hearing is scheduled for August 5, 2026.
- AP previously reported that the breach affected nearly 35.9 million people based on a Maine attorney general filing and involved usernames, hashed passwords, contact information, and for some people additional personal data.
Why this is trending
- The settlement gives customers and media a fresh deadline-driven reason to revisit an older breach.
- Support teams often sit on the data that makes breach response hard: account notes, attachments, verification answers, exported lists, refund records, identity documents, and vendor-access logs.
- A breach can turn ordinary support records into legal, operational, and customer-trust evidence.
The CRM Costs take
A support-ops buyer should not wait for an incident to learn where customer data lives. The buyer needs a Support Data Exposure Proof Packet: field inventory, attachment rules, third-party access map, notification workflow, customer-help script, evidence export, retention cleanup, and owner for fraud or identity-support handoffs.
Support Data Exposure Proof Packet
A buyer framework for validating support-data exposure across data inventory, ticket attachments, third-party access, notice workflows, customer help paths, evidence packets, and retention cleanup.
Inventory customer-data fields by system, queue, form, integration, export, owner, and retention period.
Set attachment rules, redaction policy, sensitive-field warnings, QA samples, deletion rights, and audit exports.
Map every vendor permission, admin role, API token, export right, subprocessor, and offboarding trigger.
Create notice templates, FAQ routing, escalation owners, legal approval paths, and versioned customer scripts.
Prepare scripts, eligibility rules, identity-verification steps, fraud handoff, supervisor route, and outcome logging.
Preserve incident exports, access logs, notice timestamps, agent interactions, deletion records, and retention exceptions.
What buyers should do next
Buyer FAQs
What is the Comcast settlement?
The official settlement site describes a proposed $117.5 million settlement tied to an October 2023 cybersecurity incident involving Comcast/Xfinity customer data. Comcast denies wrongdoing.
What are the key dates?
The official settlement site lists August 5, 2026 for the final approval hearing and September 14, 2026 as the claim deadline.
Why should support-ops teams care?
Support systems often contain sensitive customer data, attachments, exports, verification answers, and vendor-access logs. Those records become critical evidence when a breach creates customer questions, legal deadlines, and recovery workflows.
What proof should buyers ask vendors for?
Ask for customer-data inventory, attachment rules, vendor-access map, API/export permissions, notification workflow, customer-help scripts, retention policy, deletion proof, and incident evidence exports.