Comcast Fined $1.5M for Data Breach Impacting 270K Customers

Comcast Settles $1.5 Million Fine for Data Breach

Comcast has agreed to pay a $1.5 million fine to resolve an investigation by the Federal Communications Commission (FCC) into a data breach that occurred in February 2024, exposing the personal information of nearly 275,000 customers.

The breach took place when hackers infiltrated the systems of Financial Business and Consumer Solutions (FBCS), a debt collector that Comcast had stopped using two years prior.

Initially, it was believed that 1.9 million individuals were affected by the breach. However, the number was later revised to 3.2 million in June and further increased to 4.2 million in July.

FBCS, which declared bankruptcy before disclosing the breach in August 2024, informed Comcast in July that the personal data of 273,703 Comcast customers had been compromised. This revelation came five months after the attack, contradicting FBCS’s earlier assurance in March that no Comcast customers were affected.

The cybercriminals stole personal and financial information, including names, addresses, Social Security numbers, dates of birth, and Comcast account numbers, between February 14 and February 26. The impacted individuals were current and former customers of Comcast’s Xfinity services.

As part of the consent decree issued by the FCC, Comcast has committed to implementing a compliance plan that includes enhanced vendor oversight to safeguard data and uphold customer privacy. This entails ensuring vendors dispose of customer information appropriately and adhering to the Cable Communications Policy Act of 1984.

The telecommunications giant must appoint a compliance officer, conduct biennial risk assessments of vendors handling customer data, submit compliance reports to the FCC every six months for the next three years, and report any significant violations within 30 days of discovery.

Despite the settlement, Comcast maintained that it was not at fault for the incident and did not admit any wrongdoing. The company stated that its network remained uncompromised, and FBCS was contractually obligated to meet security standards.

A Comcast representative declined to comment when contacted by BleepingComputer.

Comcast, an American conglomerate in media, telecommunications, and entertainment, ranks as the fourth-largest telecom company globally by revenue, trailing AT&T, Verizon, and China Mobile. With over 182,000 employees and millions of customers worldwide, Comcast reported revenues of $123.7 billion in 2024.

As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe.

This free cheat sheet outlines 7 best practices you can start using today.

Download Now