Sign Up for Comcast Class Action Lawsuit
Comcast class action lawsuit is currently open:
Those who meet eligibility criteria should apply before the deadline August 14, 2026. Comcast failed to timely patch the known Citrix Bleed vulnerability, letting hackers steal personal data of 30+ million customers.
Comcast Class Action Lawsuit
A class action lawsuit has been filed against Comcast due to a 2023 cybersecurity incident in which third-party attackers exploited the unpatched "Citrix Bleed" vulnerability (CVE-2023-4966) on Comcast's network and obtained the personal information of more than 30 million current and former Comcast customers, including names, contact information, dates of birth, the last four digits of Social Security numbers, usernames and passwords, and security questions and answers.
The first complaint was filed on December 19, 2023, by plaintiff Kenneth Hasson — one day after Comcast publicly disclosed the breach. Over twenty related cases were filed across federal courts in Pennsylvania, Florida, Illinois, South Carolina, Nevada, and Minnesota, then consolidated before Judge John Milton Younge in the U.S. District Court for the Eastern District of Pennsylvania as Master File No. 2:23-cv-05039-JMY. The amended consolidated complaint asserts 23 causes of action, including violations of the federal Cable Communications Policy Act (47 U.S.C. § 521), state consumer protection statutes, negligence, unjust enrichment, and breach of implied contract.
Class Counsel are Gary F. Lynch of Lynch Carpenter LLP and Norman E. Siegel of Stueve Siegel Hanson LLP (Co-Lead Counsel), with James A. Francis of Francis Mailman Soumilas and Charles E. Schaffer of Levin Sedran & Berman serving as Co-Liaison Counsel.
Comcast Class Action Settlement - $117,500,000
Comcast has agreed to a non-reversionary $117,500,000 settlement fund to resolve claims arising out of the October 2023 data breach. The settlement covers approximately 31.7 million people who were sent individual notification of the breach by Comcast on or around December 18, 2023. The class period is anchored to the breach itself, which occurred between October 16 and October 19, 2023, when attackers exploited the Citrix Bleed vulnerability inside Comcast's environment.
The fund will pay reimbursement for documented out-of-pocket losses and lost time, alternative $50 cash payments, and three years of CyEx Financial Shield Complete identity-defense services for every class member. Comcast has also separately agreed to pay all notice and administrative costs above $7.3 million on top of the $117.5 million fund — so the entire settlement fund flows to class benefits, attorneys' fees, and service awards. As part of the settlement, Comcast resolves both this federal action and companion cases filed in California and Pennsylvania state courts.
Last updated May 2026. Claim deadline: August 14, 2026.
Comcast Settlement Fund
Total fund
Cash component
Identity protection
$117,500,000 non-reversionary
Up to $10,000 per person documented + $50 alternative payment
3 years CyEx Financial Shield Complete ($179.40/year retail value)
Deadline for filing a claim: August 14, 2026
Comcast Class Action Payout: $50 - $10,000
Eligible Comcast class members can submit either a documented claim (up to $10,000) covering out-of-pocket losses such as unreimbursed fraud charges, credit-freeze fees, credit-monitoring subscriptions, and lost time at $30 per hour for up to five hours, OR an Alternative Cash Payment of $50, subject to pro rata adjustment if total valid claims exceed the Net Settlement Fund. Class members who take no action still receive three years of CyEx Financial Shield Complete — which includes 1-bureau credit monitoring, dark-web monitoring, $1 million in identity-theft insurance, home-title and bank-account monitoring, lost-wallet protection, and victim assistance.
The Final Approval Hearing is scheduled for July 7, 2026 at 10:00 a.m. ET in Courtroom 15-B of the James A. Byrne U.S. Courthouse in Philadelphia. Settlement Class Members who file claims online can choose from PayPal, Venmo, Zelle, ACH, or paper check as their payment method. If you do not receive a payment after the settlement becomes final, contact the Settlement Administrator at (833) 319-2401.
Comcast Class Action Eligibility
You are included in the Comcast class action settlement if Comcast sent you an individual breach notification on or around December 18, 2023 informing you that your personal information may have been compromised in the October 2023 Citrix-Bleed breach. The class covers all persons residing in the United States and its territories who received that notice — approximately 31.7 million current and former Comcast customers.
Claim form requires:
- Settlement Class Member ID (printed on the email or postcard notice)
- Choice between (a) Out-of-Pocket Losses and/or Lost Time or (b) the $50 Alternative Cash Payment — not both
- For documented losses: "Reasonable Documentation" (credit-card statements, bank statements, invoices, telephone records, receipts) — handwritten or self-prepared receipts alone are not sufficient
- For lost time: a self-certified explanation of how the time was spent, up to 5 hours
- Signed attestation under penalty of perjury
Comcast Class Action Claim Form
1
2
3
FAQ
The breach was caused by attackers exploiting a vulnerability (CVE-2023-4966, nicknamed "Citrix Bleed") in Citrix's NetScaler products used by Comcast. Plaintiffs allege both Comcast (for failing to patch promptly) and Citrix (for the vulnerability itself) bear responsibility. The settlement releases claims against all three companies.
Citrix Bleed is the nickname for CVE-2023-4966, a flaw that let attackers hijack already-active user sessions on Citrix NetScaler products. Citrix released a patch on October 10, 2023; Comcast did not apply it until over a week later, and attackers exploited Comcast's systems between October 16 and October 19, 2023.
Class Counsel will ask the Court to approve attorneys' fees up to one-third of the Settlement Fund — approximately $39,170,000 — plus reimbursement of litigation expenses. The motion for fees must be filed by May 11, 2026 and any award is paid from the $117.5 million fund.
Each of the 11 Class Representatives — Patricia Andros, Michelle Birnie, Jessica Durham, Ryan Emmett, Vince Estevez, Alexander Nunn, Steven Prescott, Robert Smith, Veronica Verdier, Marcia Proto Wilson, and Jodi Wolfson — may receive a $5,000 Service Award subject to Court approval, totaling $55,000.
More than 24 related cases were filed in federal courts in Pennsylvania, Florida, Illinois, South Carolina, Nevada, and Minnesota in the weeks after Comcast's December 2023 disclosure. They were consolidated before Judge Younge in the Eastern District of Pennsylvania, and plaintiffs also filed companion state-court actions in California and Pennsylvania, all of which are resolved by this settlement.
The settlement is non-reversionary — no money goes back to Comcast. Any funds left over (from un-cashed checks or unprovided tax information) will be distributed to other Settlement Class Members, used to extend Identity Defense Services and Restoration Services, or applied as otherwise ordered by the Court.
You can claim the cost of credit monitoring, credit reports, or other identity-theft remediation products incurred on or after October 16, 2023 through the date of your claim as an Out-of-Pocket Loss, provided you can produce a credit-card statement, invoice, or receipt. Self-prepared documents alone are not enough.
Comcast did not admit wrongdoing, but the settlement requires Comcast to pay all notice and administrative costs above $7.3 million separately from the $117.5 million fund — protecting class recoveries from administrative dilution. The case also resolves a factual challenge Comcast brought to plaintiffs' Article III standing, which had threatened to dismiss the case before any class certification.
Individuals who, before the December 23, 2025 motion for preliminary approval, either filed a written arbitration demand against Comcast related to the breach (without releasing those claims), gave written notice of representation for such an arbitration, or already released their claims against the Released Parties are excluded from the Settlement Class — they keep their separate arbitration rights and are not bound by this settlement.