
Welcome to Comcast. From the connectivity and platforms we provide to the content and experiences we create, we bring people together, globally. Our people think the world of our work, and that’s why our work is the best in the world.

Comcast A.I CyberSecurity Scoring

Comcast

Company Details

LinkedIn ID: comcast
Employees number: 60,212
Number of followers: 706,769
NAICS: 517
Industry Type: Telecommunications
Homepage: https://corporate.comcast.com/
IP Addresses: 819
Company ID: COM_2880559
Scan Status: Completed

Comcast Risk Score (AI oriented)

Between 0 and 549

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers the TPRM score to calculate premiums
Comcast Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Comcast Company CyberSecurity News & History

Past Incidents: 16
Attack Types: 4

Comcast Cable Communications
Vulnerability
Severity: 85
Impact: 4
Seen: 10/2023
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: The Vermont Office of the Attorney General disclosed that Xfinity suffered a data breach stemming from a **vulnerability in Citrix’s software**, enabling unauthorized access between **October 16–19, 2023**. The exposed data included **usernames, hashed passwords, full names, contact details, the last four digits of Social Security numbers, dates of birth, and secret questions/answers**. While the breach did not involve full Social Security numbers or financial data, the compromised credentials and personal identifiers pose significant risks, including **identity theft, phishing attacks, and account takeovers**. The incident was publicly reported on **December 18, 2023**, highlighting delays in detection and disclosure. The breach’s scope suggests potential long-term reputational damage and regulatory scrutiny, particularly given the sensitivity of the leaked information and the scale of Xfinity’s customer base.

Comcast
Breach
Severity: 60
Impact: 3
Seen: 12/2023
Blog:
Rankiteo Explanation
Attack with significant impact with internal employee data leaks

Description: Xfinity by Comcast reported a data breach following a cyberattack that exploited the CitrixBleed vulnerability. By exploiting this vulnerability, threat actors were able to take over active authenticated sessions and bypass multifactor authentication and other stringent authentication requirements. The security company Mandiant observed threat actors taking control of sessions using session data that had been stolen before the patch was deployed. The company found that usernames and hashed passwords were among the customer data exposed.

Comcast
Breach
Severity: 85
Impact: 4
Seen: 9/2015
Blog:
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Comcast, a US company, suffered a data breach incident in September 2015. The breach compromised the personal details of about 75,000 of its customers. The company had offered $100 to the affected customers and $25 million to the state agencies as compensation.

Comcast
Breach
Severity: 85
Impact: 4
Seen: 11/2025
Blog:
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Comcast, a major telecommunications conglomerate, faced a regulatory penalty of **$1.5 million** imposed by the **Federal Communications Commission (FCC)** due to a **data breach** that exposed the personal information of **237,000 customers**. The incident stemmed from inadequate vendor oversight, leading to unauthorized access to sensitive customer data, including names, addresses, phone numbers, and potentially financial details. The FCC settlement requires Comcast to implement stricter **third-party risk management protocols**, enhance **data protection measures**, and conduct regular audits to prevent future breaches. While the financial penalty is significant, the reputational damage and erosion of customer trust pose long-term risks. The breach did not result in confirmed identity theft or fraudulent transactions tied directly to the exposed data, but the scale of affected individuals and regulatory scrutiny underscore the severity of the lapses in cybersecurity governance. The incident highlights the growing regulatory focus on **vendor-related security failures** in safeguarding consumer privacy.

Comcast Agrees to Pay $1.5 Million Fine Over 2024 Vendor Data Breach Impacting 237,000 Customers
Breach
Severity: 85
Impact: 4
Seen: 1/2024
Blog:
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: The Federal Communications Commission announced this week that Comcast will pay a $1.5 million civil penalty to resolve an investigation into a 2024 data breach at one of its former debt-collection vendors that exposed the personal information of approximately 237,000 current and former customers. According to the FCC’s enforcement bureau, the compromised data belonged to subscribers of Comcast’s Xfinity internet, television, and home-security services. The breach occurred at Financial Business and Consumer Solutions (FBCS), a third-party debt collector that Comcast had retained until 2022. Even though the business relationship ended two years earlier, FBCS continued to store Comcast customer records containing sensitive personal information. The incident came to light in early 2024 when FBCS notified affected individuals that cybercriminals had gained unauthorized access to its systems. The exposed information reportedly included names, addresses, dates of birth, partial or full Social Security numbers, account numbers, and details about services subscribers had purchased from Comcast. In some cases, driver’s license numbers and security questions used for account verification were also compromised. FCC investigators determined that Comcast failed to implement adequate oversight of its former vendor’s data-security practices after the relationship ended. Although Comcast had contractually required FBCS to maintain reasonable security measures and to delete customer data o

Comcast Corporation
Breach
Severity: 85
Impact: 4
Seen: 6/2024
Blog:
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Comcast Corporation faced a severe data breach in 2024 due to a cyberattack on its former vendor, **Financial Business and Consumer Solutions (FBCS)**, a debt collection agency. Unauthorized actors gained access to FBCS’s network, exfiltrating and encrypting sensitive personal data of **237,000 current and former Comcast customers**, including **names, addresses, Social Security numbers, dates of birth, and Comcast account identifiers**. The breach exposed victims to high risks of **identity theft and financial fraud**, compounded by FBCS’s bankruptcy filing shortly before disclosure. The **FCC imposed a $1.5 million fine** on Comcast, which, while not admitting liability, agreed to enhance **vendor oversight, privacy protections, and cybersecurity measures**. Affected customers received **12 months of free credit monitoring and identity theft protection**, alongside advisories to enable **two-factor authentication** and monitor financial accounts. The incident underscores critical vulnerabilities in third-party vendor security and the cascading risks of inadequate data protection protocols.

Comcast Corporation
Breach
Severity: 85
Impact: 4
Seen: 8/2024
Blog:
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Comcast Corporation (NASDAQ:CMCSA) faced a **$1.5 million fine** from the **Federal Communications Commission (FCC)** after its vendor, **Financial Business and Consumer Solutions (FBCS)**, exposed the **personal data of ~237,000 current and former customers** using Comcast’s internet, TV, and home security services. The breach occurred in **August 2024**, but FBCS filed for bankruptcy before disclosing it. The exposed data included customer information linked to Comcast’s services, though specifics (e.g., financial details, exact PII types) were not detailed. The FCC mandated a **new compliance plan** with stricter **vendor oversight and privacy safeguards**. While Comcast reported strong Q3 earnings ($31.2B revenue, beating estimates), the breach added regulatory pressure amid broader scrutiny, including political tensions with President Trump over NBC’s content. The stock declined **29.29% YTD** and dropped **3.25% on the day** of the announcement, reflecting investor concerns over reputational and compliance risks.

Comcast
Breach
Severity: 85
Impact: 4
Seen: 2/2024
Blog:
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Comcast experienced a significant **data breach in February 2024** caused by a **third-party vendor’s cybersecurity failures**, exposing the **personal information of nearly 275,000 customers**, including names, addresses, and account details. The breach stemmed from **inadequate security measures** by the vendor, leading to unauthorized access and severe privacy risks. The incident triggered an **FCC investigation**, resulting in a **$1.5 million fine** and **reputational damage**, as customers questioned Comcast’s ability to protect their data. The case highlights critical gaps in **vendor oversight** and underscores the financial, regulatory, and trust-related consequences of third-party security lapses. While Comcast settled the probe, the breach serves as a warning for organizations to enforce **stricter vendor audits, continuous monitoring, and clear contractual cybersecurity obligations** to prevent similar incidents.

Comcast (CMCSA)
Breach
Severity: 85
Impact: 4
Seen: 6/2022
Blog:
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Comcast, a major entertainment and telecommunications conglomerate, faced regulatory and financial repercussions after a **third-party vendor data breach** exposed the personal information of approximately **237,000 customers**. The breach occurred at **Financial Business and Consumer Solutions (FBCS)**, a now-bankrupt debt-collection vendor that Comcast had engaged until 2022. The incident, disclosed in **August 2024**, involved customer data from Comcast’s internet, TV, and home security services. While Comcast’s own systems remained uncompromised, the FCC imposed a **$1.5 million fine** and mandated stricter vendor oversight under a new compliance plan. The breach raised concerns over **vendor risk management**, particularly as FBCS had already filed for bankruptcy before the exposure was revealed. Comcast denied liability but committed to enhancing cybersecurity policies to prevent future incidents. The financial and reputational fallout contributed to a **3% stock decline** on the day of the announcement, compounding a **38.75% year-over-year loss** in share value.

Comcast
Breach
Severity: 100
Impact: 4
Seen: 11/2015
Blog:
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: A black market on the dark web was offering about 590,000 Comcast email addresses and passwords for sale. The seller presented a list of 112 accounts as evidence of the reliability of the Comcast data, asking $300 USD for 100,000 accounts and $1,000 USD for the complete list of 590,000 accounts. According to Comcast, which was in possession of the list and had been examining the exposed information, approximately 200,000 of the 590,000 records being sold on the illicit market were still active. According to the company's security staff, Comcast's systems have not been penetrated, and each subscriber who reports unusual behaviour on their account will be contacted individually to address the problem.

Comcast
Data Leak
Severity: 50
Impact: 2
Seen: 05/2018
Blog:
Rankiteo Explanation
Attack limited on finance or reputation

Description: A bug in the Comcast website used to activate Xfinity service exposed sensitive information about the company's customers. The website, used by customers to set up their home internet and cable service, could be tricked into displaying the home address where the router is located, as well as the Wi-Fi name and password. Only a customer account ID and that customer's house or apartment number are needed, even though the web form asks for a full address. That information could be grabbed from a discarded bill or obtained from an email. The bug returns data even if the Xfinity Wi-Fi is already switched on. It's also possible to rename Wi-Fi network names and passwords, temporarily locking users out.

Comcast
Data Leak
Severity: 85
Impact: 4
Seen: 08/2018
Blog:
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Comcast Xfinity's login page had a bug that allowed anyone to gain access to the partial Social Security Numbers and partial home addresses of over 26.5 million customers. The company patched the bug quickly after being notified of its existence.

Comcast
Ransomware
Severity: 100
Impact: 4
Seen: 6/2020
Blog:
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Comcast was affected by a data breach at Financial Business and Consumer Solutions (FBCS), a third-party agency providing collection-related services. The breach exposed personal data of approximately 238,000 customers, including names, addresses, Social Security numbers, dates of birth, and Comcast account details. The incident was the result of unauthorized network access and a ransomware attack at FBCS between February 14 and 26, 2024. Comcast ceased working with FBCS in 2020, but due to data retention requirements, FBCS still held Comcast customer data from around 2021. While FBCS has not observed misuse of the compromised data, Comcast offered one year of credit monitoring and identity protection services to impacted individuals.

Comcast to pay $1.5M to resolve vendor data breach
Ransomware
Severity: 100
Impact: 5
Seen: 7/2024
Blog:
Rankiteo Explanation
Attack threatening the organization’s existence

Description: The FCC's Enforcement Bureau said Comcast has agreed to pay $1.5 million to resolve a vendor data breach that exposed personal data from more than 237,000 current and former customers. In an order (PDF) published last week, Comcast's "voluntary contribution" of $1.5 million is being combined with a compliance plan that includes, among other things, "certain Vendor oversight practices related to customer privacy and information protection." Tied in, Comcast will take steps to "enhance an existing data inventory program" designed to accurately track personally identifiable subscriber information that is shared with vendors. Comcast told Reuters that it "was not responsible for and has not conceded any wrongdoing in connection with this incident." As Light Reading reported in October 2024, Comcast had notified 237,703 customers that data, including home addresses and social security numbers, was stolen through a ransomware attack on a third-party debt collection agency – Financial Business and Consumer Solutions (FBCS) – that is no longer used by Comcast. CF Medical/Capio and Truist Bank were also impacted by the cybersecurity attack on FBCS. Former vendor alerted Comcast of data breach in 2024 FBCS had originally notified Comcast in March 2024 that it had been the target of a data breach, but that Comcast consumer data was not impacted. Then, in July 2024, FBCS followed up to inform Comcast that a new finding had discovered some Comcast data was impacted. An FBCS investiga

Comcast Corporation
Ransomware
Severity: 100
Impact: 5
Seen: 6/2015
Blog:
Rankiteo Explanation
Attack threatening the organization’s existence

Description: The Medusa ransomware group claimed responsibility for a cyberattack on **Comcast Corporation**, a global media and technology conglomerate. The group allegedly exfiltrated **834.4 GB of data**, including actuarial reports, insurance modeling scripts, claim analytics, and customer data processing files (e.g., *Esur_rerating_verification.xlsx*, *Claim Data Specifications.xlsm*, Python/SQL scripts). They demanded **$1.2 million** to either delete the data or prevent its sale/leak, publishing **167,121 file entries** and **20 screenshots** as proof. The breach risks exposing sensitive financial, customer, and operational data, potentially triggering regulatory scrutiny. Comcast has not confirmed the attack, but Medusa’s history (e.g., a **$4M ransom demand on NASCAR** in 2025, later confirmed as a breach) suggests credibility. The leaked data’s scale—spanning insurance, premium analysis, and claims—implies severe operational and reputational damage. Previous incidents (e.g., **200,000 Comcast credentials leaked in 2015**) highlight vulnerabilities in legacy data protection. If validated, the breach could disrupt Comcast’s subsidiaries (NBCUniversal, Sky, Peacock) and erode trust in its cybersecurity posture.

Comcast Corporation
Ransomware
Severity: 100
Impact: 5
Seen: 6/2023
Blog:
Rankiteo Explanation
Attack threatening the organization's existence

Description: The **Medusa ransomware group** breached **Comcast Corporation**, a global media and technology company, in late September 2025, exfiltrating **834 GB of data**. The group leaked **186.36 GB of compressed data** (expanding to ~834 GB) on October 19, 2025, after Comcast refused to pay a **$1.2 million ransom**. The leaked files included sensitive records such as **Esur_rerating_verification.xlsx**, **Claim Data Specifications.xlsm**, and proprietary **Python/SQL scripts** related to auto premium analysis. The data was split into **47 files (45 x 4 GB + 1 x 2 GB)** and made available for purchase on the dark web. Comcast did not respond to inquiries, leaving the breach unconfirmed but highly credible given Medusa’s track record—including a prior **$4M ransomware attack on NASCAR** in April 2025. The group exploited the **GoAnywhere MFT vulnerability (CVE-2025-10035, CVSS 10.0)** for initial access. This incident follows Comcast’s **2023 Xfinity breach**, where a **Citrix vulnerability** exposed **35.9 million user accounts**. The leaked data’s scale and sensitivity suggest severe operational, financial, and reputational risks for Comcast, with potential regulatory and customer trust repercussions.

Comcast Cable Communications
Vulnerability
Severity: 85
Impact: 4
Seen: 10/2023
Blog:
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: The Vermont Office of the Attorney General disclosed that Xfinity suffered a data breach stemming from a **vulnerability in Citrix’s software**, enabling unauthorized access between **October 16–19, 2023**. The exposed data included **usernames, hashed passwords, full names, contact details, the last four digits of Social Security numbers, dates of birth, and secret questions/answers**. While the breach did not involve full Social Security numbers or financial data, the compromised credentials and personal identifiers pose significant risks, including **identity theft, phishing attacks, and account takeovers**. The incident was publicly reported on **December 18, 2023**, highlighting delays in detection and disclosure. The breach’s scope suggests potential long-term reputational damage and regulatory scrutiny, particularly given the sensitivity of the leaked information and the scale of Xfinity’s customer base.


Underwriter Stats for Comcast

Incidents vs Telecommunications Industry Average (This Year)

Comcast has 29.87% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Comcast has 29.87% more incidents than the average of all companies with at least one recorded incident.

Incident Types Comcast vs Telecommunications Industry Avg (This Year)

Comcast reported 1 incident this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breach, compared to industry peers with at least 1 incident.

Incident History — Comcast (X = Date, Y = Severity)

Comcast cyber incidents detection timeline including parent company and subsidiaries

Comcast Company Subsidiaries


Comcast Similar Companies

Ericsson

The future of mobile isn’t on the horizon, it’s happening now. At Ericsson, we’re building the foundation for an open network ecosystem where industries, developers, and enterprises thrive. The convergence of 5G, AI, cloud, and network APIs isn’t just a technological shift; it’s a transformation th

Welcome to KPN's LinkedIn page. For years, KPN has been making technology accessible. Here you can read all about developments around the themes that KPN considers important, such as The New Way of Living & Working, Security & Privacy and ICT infrastructure. Also a transparent and reliable service

vivo is a technology company that creates great products based on a design-driven value, with smart devices and intelligent services as its core. The company aims to build a bridge between humans and the digital world. Through unique creativity, vivo provides users with an increasingly convenient mo

Bell

We advance how people connect with each other and the world #ConnectionIsEverything. Bell is Canada's largest communications company providing advanced Bell broadband wireless, Internet, TV, media and business communications services. Founded in Montréal in 1880, Bell is wholly owned by BCE Inc. T

MTS Group

Mobile TeleSystems OJSC ("MTS") is the leading telecommunications group in Russia, Eastern Europe and Central Asia, offering mobile and fixed voice, broadband, pay TV as well as content and entertainment services in one of the world's fastest growing regions. Including its subsidiaries, as of Decemb

Rogers Communications

Rogers is Canada’s communications and entertainment company, driven to connect and entertain Canadians. For more information, please visit rogers.com or investors.rogers.com. Driven to connect and entertain Canadians, Rogers is the Canadian benchmark in commu

Mega is a one hundred percent Mexican company and a leader in the Telecommunications sector; we have 45 years of service and almost 5 million subscribers, to whom we offer TV, internet, digital telephony and mobile services. We are constantly growing; today we have a presenc

Telenor

EMPOWERING SOCIETIES. CONNECTING YOU TO WHAT MATTERS MOST. Telenor Group is a leading telecommunications company across the Nordics and Asia with 158 million subscribers and annual sales of around NOK 99 billions (2022).  We are committed to responsible business conduct and driven by the ambition

PT. Indosat Tbk

Indosat Ooredoo Hutchison (IDX: ISAT) ("IOH"), are here with our vision to become the most preferred digital telecommunications company of Indonesia. The IOH merger combines two highly complementary businesses between PT Indosat Tbk (“Indosat Ooredoo”) and PT Hutchison 3 Indonesia to create a new wo


Comcast CyberSecurity News

December 01, 2025 06:45 PM
Comcast to pay $1.5M to resolve vendor data breach

Comcast will pay $1.5 million and implement new vendor oversight practices to resolve a data breach stemming from an attack on a third-party...

November 29, 2025 06:18 PM
Comcast Fined $1.5 Million After Vendor Breach Exposes Customer Data

A data breach at a former Comcast vendor that affected more than 270000 customers has resulted in a $1.5 million penalty for the company.

November 28, 2025 04:34 PM
Comcast Faces $1.5 Million Penalty After FCC Investigation Into Vendor Data Breach

Comcast has agreed to pay a $1.5 million fine to settle a Federal Communications Commission (FCC) investigation into a data breach linked to...

November 28, 2025 08:28 AM
Comcast to Pay a $1.5 Million Fine to Settle an FCC Investigation Linked to Vendor Data Breach

The company agreed to pay fine to settle an FCC investigation into a data breach that exposed personal information.

November 28, 2025 07:34 AM
Comcast to Pay $1.5 Million Fine to Settle FCC Investigation Linked to Vendor Data Breach

The breach originated with Financial Business and Consumer Solutions (FBCS), a debt collection agency previously contracted by Comcast.

November 28, 2025 05:44 AM
Comcast Fined $1.5 Million to Settle FCC Probe Tied to Vendor Data Breach

Comcast has agreed to a $1.5 million settlement with the Federal Communications Commission (FCC) following a data breach.

November 25, 2025 10:30 AM
Comcast To Pay $1.5m Over Vendor Data Breach

Comcast settlement with US FCC sees it pay $1.5m fine after breach of debt collection firm leaked thousands of customers' personal data.

November 25, 2025 08:34 AM
Comcast paid $23 million in magnesium to settle supplier cybersecurity incident affecting over 150 people.

The U.S. Federal Communications Commission (FCC) announced on Monday (November 24) that Comcast will pay a $1.5 million fine for a data...

November 25, 2025 07:47 AM
Comcast Fined $1.5M by FCC Following 2024 Data Breach at Debt Collector FBCS that Exposed Customer Information

The FCC has fined Comcast $1.5 million after a breach at its former vendor, FBCS, exposed personal data from 237000 customers.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Comcast CyberSecurity History Information

Official Website of Comcast

The official website of Comcast is https://corporate.comcast.com/.

Comcast’s AI-Generated Cybersecurity Score

According to Rankiteo, Comcast’s AI-generated cybersecurity score is 353, reflecting their Critical security posture.

How many security badges does Comcast have ?

According to Rankiteo, Comcast currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Comcast have SOC 2 Type 1 certification ?

According to Rankiteo, Comcast is not certified under SOC 2 Type 1.

Does Comcast have SOC 2 Type 2 certification ?

According to Rankiteo, Comcast does not hold a SOC 2 Type 2 certification.

Does Comcast comply with GDPR ?

According to Rankiteo, Comcast is not listed as GDPR compliant.

Does Comcast have PCI DSS certification ?

According to Rankiteo, Comcast does not currently maintain PCI DSS compliance.

Does Comcast comply with HIPAA ?

According to Rankiteo, Comcast is not compliant with HIPAA regulations.

Does Comcast have ISO 27001 certification ?

According to Rankiteo, Comcast is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Comcast

Comcast operates primarily in the Telecommunications industry.

Number of Employees at Comcast

Comcast employs approximately 60,212 people worldwide.

Subsidiaries Owned by Comcast

Comcast presently has no subsidiaries across any sectors.

Comcast’s LinkedIn Followers

Comcast’s official LinkedIn profile has approximately 706,769 followers.

NAICS Classification of Comcast

Comcast is classified under the NAICS code 517, which corresponds to Telecommunications.

Comcast’s Presence on Crunchbase

Yes, Comcast has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/comcast.

Comcast’s Presence on LinkedIn

Yes, Comcast maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/comcast.

Cybersecurity Incidents Involving Comcast

As of December 11, 2025, Rankiteo reports that Comcast has experienced 16 cybersecurity incidents.

Number of Peer and Competitor Companies

Comcast has an estimated 9,686 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Comcast ?

Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability, Data Leak, Ransomware and Breach.

What was the total financial impact of these incidents on Comcast ?

Total Financial Loss: The total financial loss from these incidents is estimated to be $34 million.

How does Comcast detect and respond to cybersecurity incidents ?

Detection and Response: Across the recorded incidents, the company detects and responds to cybersecurity incidents through the following measures.

Containment Measures: patched the bug quickly

Remediation Measures: contacting subscribers reporting unusual behavior; improved vendor oversight (as per FCC mandate); compliance plan with strengthened vendor oversight and customer-privacy safeguards; new compliance plan with stricter vendor oversight rules; enhanced vendor oversight; stricter customer privacy protections; improved information security practices; enhanced data inventory program; vendor oversight practices for customer privacy

Third Party Assistance: Mandiant

Enhanced Monitoring: improved cybersecurity policies (vendor monitoring)

Recovery Measures: customer notifications; free identity theft protection (12-month credit monitoring)

Communication Strategy: Comcast offered one year of credit monitoring and identity protection services to impacted individuals; public disclosure via Vermont Office of the Attorney General; no public response or acknowledgement; public statement denying blame but committing to improved cybersecurity policies; public disclosure via FCC; customer notifications; advisories for two-factor authentication; notification to affected individuals by FBCS; customer notifications (237,703 affected); public disclosure via FCC order

Incident Details

Can you provide details on each incident ?

Incident : Data Breach

Title: Comcast Data Breach

Description: Comcast, a US company, suffered a data breach incident in September 2015. The breach compromised the personal details of about 75,000 of its customers. The company had offered $100 to the affected customers and $25 million to the state agencies as compensation.

Date Detected: September 2015

Type: Data Breach

Incident : Data Breach

Title: Comcast Xfinity Website Bug Exposes Customer Information

Description: A bug in Comcast's website used to activate Xfinity exposed sensitive information about the company's customers. The website, used by customers to set up their home internet and cable service, could be tricked into displaying the home address where the router is located, as well as the Wi-Fi name and password. Only a customer account ID and that customer's house or apartment number are needed, even though the web form asks for a full address. That information could be grabbed from a discarded bill or obtained from an email. The bug returns data even if the Xfinity Wi-Fi is already switched on. It's also possible to change Wi-Fi network names and passwords, temporarily locking users out.

Type: Data Breach

Attack Vector: Web Application Vulnerability

Vulnerability Exploited: Information Disclosure

Incident : Data Breach

Title: Comcast Xfinity Login Page Bug

Description: Comcast Xfinity's login page had a bug that allowed anyone to gain access to the partial Social Security Numbers and partial home addresses of over 26.5 million customers. The company patched the bug quickly after being notified of its existence.

Type: Data Breach

Attack Vector: Bug Exploitation

Vulnerability Exploited: Login Page Bug

Incident : Data Breach

Title: Comcast Email Credentials for Sale on Dark Web

Description: A black market on the dark web was offering about 590,000 Comcast email addresses and passwords for sale. As evidence of the reliability of the Comcast data, the seller presented a list of 112 accounts, asking $300 USD for 100,000 accounts and $1,000 USD for the complete list of 590,000 accounts. Approximately 200,000 of the 590,000 records being sold on the illicit market were still active, according to Comcast, which was in possession of the list and had been examining the exposed information. Comcast's systems have not been penetrated, according to the company's security staff, and each subscriber who reports unusual behaviour on their account will be contacted individually to address the problem.

Type: Data Breach

Attack Vector: Dark Web Marketplace

Threat Actor: Unknown

Motivation: Financial Gain

Incident : Data Breach

Title: Xfinity by Comcast Data Breach

Description: Xfinity by Comcast reports a data breach following a cyberattack that exploited the CitrixBleed vulnerability. By exploiting this vulnerability, threat actors were able to take over active authenticated connections and bypass multifactor authentication and other stringent authentication requirements. The security company Mandiant observed threat actors taking control of sessions using session data that had been stolen before the patch was deployed. The company found that usernames and hashed passwords are among the customer data exposed.

Type: Data Breach

Attack Vector: CitrixBleed vulnerability

Vulnerability Exploited: CitrixBleed

Incident : Data Breach

Title: Comcast Data Breach via Third-Party Vendor

Description: Comcast was affected by a data breach at Financial Business and Consumer Solutions (FBCS), a third-party agency providing collection-related services. The breach exposed personal data of approximately 238,000 customers, including names, addresses, Social Security numbers, dates of birth, and Comcast account details. The incident was the result of unauthorized network access and a ransomware attack at FBCS between February 14 and 26, 2024. Comcast ceased working with FBCS in 2020, but due to data retention requirements, FBCS still held Comcast customer data from around 2021. While FBCS has not observed misuse of the compromised data, Comcast offered one year of credit monitoring and identity protection services to impacted individuals.

Date Detected: 2024-02-26

Type: Data Breach

Attack Vector: Unauthorized Network Access, Ransomware

Incident : Data Breach

Title: Xfinity Data Breach via Citrix Software Vulnerability

Description: The Vermont Office of the Attorney General reported that Xfinity experienced a data breach due to a vulnerability in Citrix's software, with unauthorized access occurring between October 16 and October 19, 2023. The breach potentially involved usernames, hashed passwords, names, contact information, last four digits of Social Security numbers, dates of birth, and secret questions and answers.

Date Publicly Disclosed: 2023-12-18

Type: Data Breach

Attack Vector: Exploitation of Citrix Software Vulnerability

Vulnerability Exploited: Citrix Software Vulnerability (unspecified)

Incident : ransomware

Title: Medusa Ransomware Attack on Comcast Corporation

Description: The Medusa ransomware group claimed responsibility for a ransomware attack on Comcast Corporation, a global media and technology company. The group exfiltrated 834.4 GB of data, including actuarial reports, product management data, insurance modeling scripts, and claim analytics. They demanded $1.2 million for the data to be deleted or not leaked/sold. The group posted screenshots and a file listing of 167,121 entries as proof of compromise. Comcast has not publicly confirmed or denied the breach as of the report date.

Date Publicly Disclosed: 2025-09-26

Type: ransomware

Threat Actor: Medusa Ransomware Group

Motivation: financial gain, extortion

Incident : data breach

Title: Medusa Ransomware Attack on Comcast Corporation

Description: The Medusa ransomware group leaked 186.36 GB of compressed data (834 GB decompressed) allegedly stolen from Comcast Corporation in late September 2025. The group initially demanded $1.2 million from Comcast to delete the data instead of leaking or selling it. The leaked data includes files such as 'Esur_rerating_verification.xlsx', 'Claim Data Specifications.xlsm', and Python/SQL scripts related to auto premium impact analysis. The data was released in 47 split files (45 files at 4 GB each and 1 file at 2 GB) on October 19, 2025. Comcast did not respond to requests for comment.

Date Detected: 2025-09-late

Date Publicly Disclosed: 2025-09-26

Type: data breach

Attack Vector: exploitation of GoAnywhere MFT vulnerability (CVE-2025-10035), unauthenticated remote code execution

Vulnerability Exploited: CVE-2025-10035 (GoAnywhere MFT, CVSS 10.0)

Threat Actor: Medusa ransomware group

Motivation: financial gain, extortion

Incident : Data Breach

Title: Comcast Data Breach and FCC Settlement

Description: Comcast faces a $1.5 million fine for a data breach affecting 237,000 customers. The FCC settlement mandates improved vendor oversight to protect customer privacy.

Type: Data Breach

Incident : Data Breach (Third-Party Vendor)

Title: Comcast Data Breach via Vendor FBCS Leading to $1.5M FCC Fine

Description: Comcast Corporation was fined $1.5 million by the FCC after its vendor, Financial Business and Consumer Solutions (FBCS), exposed the personal data of ~237,000 current and former customers (internet, TV, and home security services). FBCS went bankrupt before disclosing the August 2024 breach. Comcast agreed to a compliance plan with enhanced vendor oversight and privacy safeguards.

Type: Data Breach (Third-Party Vendor)

Incident : data breach

Title: Comcast Vendor Data Breach Exposes 237,000 Customers' Personal Information

Description: Entertainment giant Comcast (CMCSA) faced regulatory action after a third-party debt-collection vendor, Financial Business and Consumer Solutions (FBCS), suffered a data breach in 2024. The breach exposed personal information of approximately 237,000 Comcast customers, including those using internet, TV, and home security services. The FCC imposed a $1.5 million fine on Comcast, citing inadequate oversight of the vendor, which had filed for bankruptcy before the breach was publicly disclosed in August 2024. Comcast denied blame but agreed to a compliance plan with stricter vendor monitoring rules.

Date Publicly Disclosed: 2024-08

Type: data breach

Incident : data breach

Title: Comcast Data Breach via Former Vendor FBCS Exposes 237,000 Customer Records

Description: In a significant regulatory enforcement, Comcast Corporation agreed to pay a $1.5 million fine after a data breach at its former vendor, Financial Business and Consumer Solutions (FBCS), exposed sensitive personal information of approximately 237,000 current and former customers. The breach occurred in February 2024 and involved unauthorized access, exfiltration, and encryption of customer data, including names, addresses, Social Security numbers, dates of birth, and Comcast account identifiers. The FCC investigation led to a settlement requiring Comcast to implement enhanced vendor oversight, stricter privacy protections, and improved security practices. Comcast notified affected individuals and offered free identity theft protection services, including 12 months of credit monitoring.

Date Detected: 2024-02

Type: data breach

Attack Vector: unauthorized access to vendor (FBCS) network

Incident : Data Breach (Third-Party Vendor)

Title: Comcast Third-Party Vendor Data Breach (2024)

Description: Comcast experienced a significant data breach in February 2024 due to inadequate cybersecurity measures by a third-party vendor handling customer data. The breach exposed personal information of nearly 275,000 Comcast customers, including names, addresses, and account-related details. The FCC imposed a $1.5 million fine on Comcast for the incident, highlighting the financial and reputational risks of third-party vendor vulnerabilities.

Date Detected: 2024-02

Type: Data Breach (Third-Party Vendor)

Attack Vector: Inadequate cybersecurity measures by third-party vendor

Vulnerability Exploited: Vendor's security shortcomings (unspecified)

Incident : data breach

Title: Comcast Data Breach via Former Debt-Collection Vendor (2024)

Description: The Federal Communications Commission (FCC) announced that Comcast will pay a $1.5 million civil penalty to resolve an investigation into a 2024 data breach at its former debt-collection vendor, Financial Business and Consumer Solutions (FBCS). The breach exposed the personal information of approximately 237,000 current and former Comcast customers, including subscribers of Xfinity internet, television, and home-security services. The compromised data included names, addresses, dates of birth, partial or full Social Security numbers, account numbers, service details, driver’s license numbers (in some cases), and security questions used for account verification. The FCC determined that Comcast failed to implement adequate oversight of FBCS’s data-security practices after terminating the business relationship in 2022.

Date Publicly Disclosed: 2024-05-00

Type: data breach

Vulnerability Exploited: inadequate vendor oversight, improper data retention by third-party vendor

Threat Actor: cybercriminals

Motivation: financial gain, data theft

Incident : Data Breach

Title: Comcast Vendor Data Breach Exposing 237,000+ Customer Records

Description: The FCC's Enforcement Bureau announced that Comcast agreed to pay $1.5 million to resolve a vendor data breach that exposed personal data (including home addresses and Social Security numbers) of over 237,000 current and former customers. The breach occurred via a ransomware attack on Financial Business and Consumer Solutions (FBCS), a third-party debt collection agency formerly used by Comcast. CF Medical/Capio and Truist Bank were also impacted by the same attack on FBCS. Comcast denied responsibility but implemented a compliance plan with enhanced vendor oversight and data inventory practices.

Date Detected: 2024-03-00

Date Publicly Disclosed: 2024-10-00

Type: Data Breach

Attack Vector: Third-Party Vendor (FBCS) Compromise

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Citrix Software Vulnerability, exploitation of GoAnywhere MFT vulnerability (CVE-2025-10035) and FBCS computer network.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Breach COM13519422

Financial Loss: 25 million

Data Compromised: Personal details

Incident : Data Breach COM12229722

Data Compromised: Home address, Wi-Fi name, Wi-Fi password

Systems Affected: Xfinity Website

Incident : Data Breach COM22281122

Data Compromised: Partial social security numbers, Partial home addresses

Systems Affected: Login Page

Incident : Data Breach COM1740261023

Data Compromised: Email addresses and passwords

Identity Theft Risk: High

Incident : Data Breach COM152251223

Data Compromised: Hashed passwords, Usernames

Incident : Data Breach COM000101324

Data Compromised: Personal data of approximately 238,000 customers, including names, addresses, Social Security numbers, dates of birth, and Comcast account details

Identity Theft Risk: High

Incident : Data Breach COM020090625

Data Compromised: Usernames, Hashed passwords, Names, Contact information, Last four digits of social security numbers, Dates of birth, Secret questions and answers

Identity Theft Risk: High (PII exposed)

Incident : ransomware COM1802018092925

Data Compromised: Actuarial reports, Product management data, Insurance modeling scripts, Claim analytics, Customer data processing, Claim management systems

Brand Reputation Impact: potential high impact (unconfirmed)

Legal Liabilities: potential regulatory scrutiny (unconfirmed)

Identity Theft Risk: potential (if customer data included)

Incident : data breach COM5935559102325

Data Compromised: 834 GB (decompressed), files including Esur_rerating_verification.xlsx, Claim Data Specifications.xlsm, Python/SQL scripts

Brand Reputation Impact: high (public leak of sensitive corporate data)

Incident : Data Breach COM1920819112525

Financial Loss: $1.5 million (fine)

Data Compromised: Customer data (237,000 records)

Brand Reputation Impact: Potential negative impact due to breach and fine

Legal Liabilities: $1.5 million FCC fine

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Financial Loss: $1.5 million (FCC fine)

Data Compromised: Personal data of ~237,000 customers

Brand Reputation Impact: Negative (amid regulatory scrutiny and political pressure)

Legal Liabilities: $1.5M FCC fine; compliance plan mandated

Identity Theft Risk: High (personal data exposed)

Incident : data breach COM0835508112525

Data Compromised: personal information of ~237,000 customers

Brand Reputation Impact: stock price drop (>3% on Monday, 38.75% loss over past year)

Legal Liabilities: $1.5 million FCC fine

Identity Theft Risk: high (personal information exposed)

Incident : data breach COM45102545112625

Financial Loss: $1.5 million (FCC fine)

Data Compromised: Names, Addresses, Social security numbers, Dates of birth, Comcast account identifiers

Systems Affected: FBCS computer network

Brand Reputation Impact: moderate (regulatory enforcement, public disclosure)

Legal Liabilities: $1.5 million FCC fine

Identity Theft Risk: high (exposed PII)

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Financial Loss: $1.5 million (FCC fine)

Data Compromised: Names, Addresses, Account-related details

Customer Complaints: Increased (reputational damage)

Brand Reputation Impact: Negative (customers questioned data protection capabilities)

Legal Liabilities: $1.5 million FCC fine

Identity Theft Risk: High (sensitive personal data exposed)

Incident : data breach COM1764424503

Financial Loss: $1.5 million (FCC civil penalty)

Data Compromised: Names, Addresses, Dates of birth, Partial/full social security numbers, Account numbers, Service purchase details, Driver’s license numbers (in some cases), Security questions for account verification

Systems Affected: FBCS (Financial Business and Consumer Solutions) systems

Brand Reputation Impact: potential reputational damage due to exposure of sensitive customer data

Legal Liabilities: FCC investigation, $1.5 million civil penalty

Identity Theft Risk: high (due to exposure of SSNs, driver’s license numbers, and security questions)

Incident : Data Breach COM1764611939

Financial Loss: $1.5 million (settlement)

Data Compromised: Home addresses, Social security numbers

Brand Reputation Impact: Potential reputational harm due to exposure of sensitive customer data

Legal Liabilities: $1.5 million FCC settlement

Identity Theft Risk: High (SSNs and addresses exposed)

What is the average financial loss per incident ?

Average Financial Loss: The average financial loss per incident is $2.12 million.

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal details, Home address, Wi-Fi name, Wi-Fi password, Partial Social Security numbers, Partial home addresses, Email addresses and passwords, Hashed passwords, Usernames, Personal data, Personally identifiable information (PII), Authentication credentials, Actuarial data, Financial datasets, Insurance calculations, Customer data, Claim management data, Corporate documents, Excel spreadsheets (e.g., esur_rerating_verification.xlsx, claim data specifications.xlsm), Python scripts, SQL scripts, Auto premium impact analysis data, Customer privacy data, Personal data (customers of internet, TV, home security services), Personal information, Account identifiers, Financial data, Account verification data, Home addresses and Social Security numbers.

Which entities were affected by each incident ?

Incident : Data Breach COM13519422

Entity Name: Comcast

Entity Type: Company

Industry: Telecommunications

Location: United States

Customers Affected: 75,000

Incident : Data Breach COM12229722

Entity Name: Comcast

Entity Type: Company

Industry: Telecommunications

Incident : Data Breach COM22281122

Entity Name: Comcast Xfinity

Entity Type: Telecommunications

Industry: Telecommunications

Customers Affected: 26.5 million

Incident : Data Breach COM1740261023

Entity Name: Comcast

Entity Type: Company

Industry: Telecommunications

Customers Affected: 590000

Incident : Data Breach COM152251223

Entity Name: Xfinity by Comcast

Entity Type: Telecommunications

Industry: Telecommunications

Incident : Data Breach COM000101324

Entity Name: Comcast

Entity Type: Company

Industry: Telecommunications

Customers Affected: 238,000

Incident : Data Breach COM020090625

Entity Name: Xfinity (Comcast)

Entity Type: Corporation

Industry: Telecommunications / Internet Service Provider

Location: United States

Incident : ransomware COM1802018092925

Entity Name: Comcast Corporation

Entity Type: public company, conglomerate

Industry: media, technology, telecommunications, entertainment

Location: United States (global operations)

Size: large (Fortune 50 company)

Incident : data breach COM5935559102325

Entity Name: Comcast Corporation

Entity Type: public company

Industry: media, technology, telecommunications

Location: Philadelphia, Pennsylvania, U.S.

Size: large (Fortune 500)

Incident : Data Breach COM1920819112525

Entity Name: Comcast

Entity Type: Corporation

Industry: Telecommunications / Media

Location: United States

Size: Large (Fortune 500)

Customers Affected: 237,000

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Entity Name: Comcast Corporation

Entity Type: Public Company (NASDAQ:CMCSA)

Industry: Telecommunications/Media

Location: United States

Size: Large (Revenue: $31.2B in Q3 2024)

Customers Affected: 237,000

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Entity Name: Financial Business and Consumer Solutions (FBCS)

Entity Type: Vendor (Bankrupt)

Industry: Financial Services/Data Processing

Incident : data breach COM0835508112525

Entity Name: Comcast (CMCSA)

Entity Type: public company

Industry: telecommunications, entertainment, internet service provider

Location: United States

Size: large (Fortune 50)

Customers Affected: 237,000

Incident : data breach COM0835508112525

Entity Name: Financial Business and Consumer Solutions (FBCS)

Entity Type: third-party vendor

Industry: debt collection

Incident : data breach COM45102545112625

Entity Name: Comcast Corporation

Entity Type: corporation

Industry: telecommunications

Location: United States

Size: large

Customers Affected: 237,000

Incident : data breach COM45102545112625

Entity Name: Financial Business and Consumer Solutions (FBCS)

Entity Type: vendor (debt collection agency)

Industry: financial services

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Entity Name: Comcast

Entity Type: Telecommunications

Industry: Telecommunications

Location: United States

Size: Large (Fortune 500)

Customers Affected: 275,000

Incident : data breach COM1764424503

Entity Name: Comcast (Xfinity)

Entity Type: telecommunications and media conglomerate

Industry: telecommunications, internet service, cable television, home security

Location: United States

Size: large (Fortune 50 company)

Customers Affected: 237,000

Incident : data breach COM1764424503

Entity Name: Financial Business and Consumer Solutions (FBCS)

Entity Type: third-party debt collection vendor

Industry: financial services (debt collection)

Incident : Data Breach COM1764611939

Entity Name: Comcast

Entity Type: Telecommunications/ISP

Industry: Media & Communications

Location: United States

Size: Large (Fortune 50)

Customers Affected: 237,703

Incident : Data Breach COM1764611939

Entity Name: Financial Business and Consumer Solutions (FBCS)

Entity Type: Third-Party Vendor (Debt Collection)

Industry: Financial Services

Incident : Data Breach COM1764611939

Entity Name: CF Medical/Capio

Entity Type: Affected Entity (via FBCS)

Industry: Healthcare

Incident : Data Breach COM1764611939

Entity Name: Truist Bank

Entity Type: Affected Entity (via FBCS)

Industry: Banking

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach COM22281122

Containment Measures: patched the bug quickly

Incident : Data Breach COM1740261023

Remediation Measures: Contacting subscribers reporting unusual behavior

Incident : Data Breach COM152251223

Third Party Assistance: Mandiant.

Incident : Data Breach COM000101324

Communication Strategy: Comcast offered one year of credit monitoring and identity protection services to impacted individuals

Incident : Data Breach COM020090625

Communication Strategy: Public disclosure via Vermont Office of the Attorney General

Incident : data breach COM5935559102325

Communication Strategy: no public response or acknowledgement

Incident : Data Breach COM1920819112525

Remediation Measures: Improved vendor oversight (as per FCC mandate)

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Remediation Measures: Compliance plan with strengthened vendor oversight and customer-privacy safeguards

Incident : data breach COM0835508112525

Remediation Measures: new compliance plan with stricter vendor oversight rules

Communication Strategy: public statement denying blame but committing to improved cybersecurity policies

Enhanced Monitoring: improved cybersecurity policies (vendor monitoring)

Incident : data breach COM45102545112625

Incident Response Plan Activated: True

Remediation Measures: enhanced vendor oversight, stricter customer privacy protections, improved information security practices

Recovery Measures: customer notifications, free identity theft protection (12-month credit monitoring)

Communication Strategy: public disclosure via FCC, customer notifications, advisories for two-factor authentication

Incident : data breach COM1764424503

Communication Strategy: notification to affected individuals by FBCS

Incident : Data Breach COM1764611939

Incident Response Plan Activated: True

Remediation Measures: Enhanced data inventory program, Vendor oversight practices for customer privacy

Communication Strategy: Customer notifications (237,703 affected), Public disclosure via FCC order

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Mandiant.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Breach COM13519422

Type of Data Compromised: Personal details

Number of Records Exposed: 75,000

Incident : Data Breach COM12229722

Type of Data Compromised: Home address, Wi-fi name, Wi-fi password

Sensitivity of Data: High

Personally Identifiable Information: Home Address

Incident : Data Breach COM22281122

Type of Data Compromised: Partial social security numbers, Partial home addresses

Number of Records Exposed: 26.5 million

Incident : Data Breach COM1740261023

Type of Data Compromised: Email addresses and passwords

Number of Records Exposed: 590000

Sensitivity of Data: High

Personally Identifiable Information: Email addresses

Incident : Data Breach COM152251223

Type of Data Compromised: Hashed passwords, Usernames

Incident : Data Breach COM000101324

Type of Data Compromised: Personal data

Number of Records Exposed: 238,000

Sensitivity of Data: High

Personally Identifiable Information: Names, addresses, Social Security numbers, dates of birth, and Comcast account details

Incident : Data Breach COM020090625

Type of Data Compromised: Personally identifiable information (PII), Authentication credentials

Sensitivity of Data: High

Data Exfiltration: Likely (unauthorized access confirmed)

Data Encryption: Partially (hashed passwords)

Incident : ransomware COM1802018092925

Type of Data Compromised: Actuarial data, Financial datasets, Insurance calculations, Customer data, Claim management data

Sensitivity of Data: high (potentially includes PII or proprietary business data)

Data Exfiltration: 834.4 GB

File Types Exposed: XLSX (e.g., Esur_rerating_verification.xlsx), XLSM (e.g., Claim Data Specifications.xlsm), Python scripts, SQL scripts

Personally Identifiable Information: potential (unconfirmed)

Incident : data breach COM5935559102325

Type of Data Compromised: Corporate documents, Excel spreadsheets (e.g., esur_rerating_verification.xlsx, claim data specifications.xlsm), Python scripts, SQL scripts, Auto premium impact analysis data

Sensitivity of Data: high (internal corporate and operational data)

Data Exfiltration: 834 GB (decompressed from 186.36 GB compressed)

File Types Exposed: .xlsx, .xlsm, .py, .sql

Incident : Data Breach COM1920819112525

Type of Data Compromised: Customer privacy data

Number of Records Exposed: 237,000

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Type of Data Compromised: Personal data (customers of internet, TV, home security services)

Number of Records Exposed: 237,000

Sensitivity of Data: High (personally identifiable information)

Data Exfiltration: Yes

Personally Identifiable Information: Yes

Incident : data breach COM0835508112525

Type of Data Compromised: personal information

Number of Records Exposed: 237,000

Sensitivity of Data: high (personal information)

Incident : data breach COM45102545112625

Type of Data Compromised: Personally identifiable information (PII), Account identifiers

Number of Records Exposed: 237,000

Sensitivity of Data: high (SSNs, dates of birth, account details)

Data Encryption: True

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Type of Data Compromised: Personally identifiable information (PII)

Number of Records Exposed: 275,000

Sensitivity of Data: High (names, addresses, account details)

Data Exfiltration: Yes

Personally Identifiable Information: Yes

Incident : data breach COM1764424503

Type of Data Compromised: Personally identifiable information (PII), Financial data, Account verification data

Number of Records Exposed: 237,000

Sensitivity of Data: high (includes SSNs, driver’s license numbers, security questions)

Incident : Data Breach COM1764611939

Type of Data Compromised: Personally identifiable information (PII), Home addresses, Social security numbers

Number of Records Exposed: 237,703

Sensitivity of Data: High (SSNs included)

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Contacting subscribers reporting unusual behavior, Improved vendor oversight (as per FCC mandate), Compliance plan with strengthened vendor oversight and customer-privacy safeguards, new compliance plan with stricter vendor oversight rules, enhanced vendor oversight, stricter customer privacy protections, improved information security practices, Enhanced data inventory program, Vendor oversight practices for customer privacy.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) by patching the bug quickly.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : ransomware COM1802018092925

Ransom Demanded: $1.2 million (for data deletion or to prevent leak/sale)

Ransomware Strain: Medusa

Data Exfiltration: 834.4 GB

Incident : data breach COM5935559102325

Ransom Demanded: $1.2 million (for data deletion)

Ransomware Strain: Medusa

Data Exfiltration: 834 GB

Incident : data breach COM45102545112625

Data Encryption: True

Data Exfiltration: True

Incident : data breach COM1764424503

Data Exfiltration: True

Incident : Data Breach COM1764611939

Data Exfiltration: True

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through customer notifications, free identity theft protection (12-month credit monitoring).

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach COM020090625

Regulatory Notifications: Reported to Vermont Office of the Attorney General

Incident : ransomware COM1802018092925

Regulatory Notifications: potential (if sensitive data confirmed)

Incident : Data Breach COM1920819112525

Regulations Violated: FCC customer privacy rules

Fines Imposed: $1.5 million

Legal Actions: FCC settlement

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Regulations Violated: FCC consumer privacy rules

Fines Imposed: $1.5 million

Legal Actions: Settlement with FCC; mandated compliance plan

Regulatory Notifications: FCC disclosure

Incident : data breach COM0835508112525

Fines Imposed: $1.5 million (FCC)

Legal Actions: settlement with FCC including compliance plan

Regulatory Notifications: FCC disclosure (August 2024)

Incident : data breach COM45102545112625

Regulations Violated: FCC regulations (customer privacy)

Fines Imposed: $1.5 million

Legal Actions: FCC settlement agreement

Regulatory Notifications: FCC investigation and disclosure

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Regulations Violated: FCC data protection requirements

Fines Imposed: $1.5 million

Legal Actions: FCC investigation and settlement

Regulatory Notifications: FCC

Incident : data breach COM1764424503

Regulations Violated: FCC data security and vendor oversight requirements

Fines Imposed: $1.5 million

Legal Actions: FCC enforcement action

Regulatory Notifications: FCC investigation and public disclosure

Incident : Data Breach COM1764611939

Fines Imposed: $1.5 million (FCC settlement)

Legal Actions: FCC Enforcement Bureau order, Compliance plan with vendor oversight requirements

Regulatory Notifications: FCC, Affected customers (237,703)

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through FCC settlement, Settlement with FCC; mandated compliance plan, settlement with FCC including compliance plan, FCC settlement agreement, FCC investigation and settlement, FCC enforcement action, FCC Enforcement Bureau order, Compliance plan with vendor oversight requirements.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : data breach COM0835508112525

Lessons Learned: Importance of rigorous third-party vendor oversight and cybersecurity compliance for customer data protection.

Incident : data breach COM45102545112625

Lessons Learned: Importance of vetting third-party vendors for cybersecurity risks, Need for robust data security protocols in vendor contracts, Proactive customer support (e.g., credit monitoring) mitigates reputational damage

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Lessons Learned: Protecting customer data requires constant vigilance and assessment of vendor security measures., Organizations must enforce stricter controls and audits of third-party vendors., Transparency and swift action in response to breaches are crucial for maintaining customer trust.

Incident : data breach COM1764424503

Lessons Learned: Importance of post-contractual vendor oversight, Need for explicit data deletion clauses with third-party vendors, Risks of retaining customer data beyond necessary periods

Incident : Data Breach COM1764611939

Lessons Learned: Importance of third-party vendor risk management and real-time data inventory tracking for PII shared with external partners.

What recommendations were made to prevent future incidents ?

Incident : Data Breach COM1920819112525

Recommendations: Enhance third-party vendor oversight and compliance monitoring to prevent future breaches.

Incident : data breach COM0835508112525

Recommendations: Enhance vendor risk assessment protocols, Implement continuous monitoring of third-party security practices, Strengthen contractual obligations for data protection with vendors, Develop incident response plans specifically for third-party breaches

Incident : data breach COM45102545112625

Recommendations: Implement stricter vendor cybersecurity audits, Enhance encryption and access controls for sensitive customer data, Expand customer education on two-factor authentication and fraud monitoring

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Recommendations: Continuous monitoring of vendor security practices., Mandate periodic security audits for vendors with detailed reporting requirements., Define cybersecurity obligations and breach repercussions in vendor contracts.

Incident : data breach COM1764424503

Recommendations: Implement stricter vendor data-security audits, even after contract termination., Enforce contractual obligations for timely deletion of customer data by third parties., Enhance monitoring of third-party vendors handling sensitive customer information., Provide identity theft protection services to affected customers.

Incident : Data Breach COM1764611939

Recommendations: Implement stricter vendor cybersecurity audits, Enhance real-time monitoring of PII shared with third parties, Develop incident response protocols for vendor-originated breaches

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: Importance of rigorous third-party vendor oversight and cybersecurity compliance for customer data protection; Importance of vetting third-party vendors for cybersecurity risks; Need for robust data security protocols in vendor contracts; Proactive customer support (e.g., credit monitoring) mitigates reputational damage; Protecting customer data requires constant vigilance and assessment of vendor security measures; Organizations must enforce stricter controls and audits of third-party vendors; Transparency and swift action in response to breaches are crucial for maintaining customer trust; Importance of post-contractual vendor oversight; Need for explicit data deletion clauses with third-party vendors; Risks of retaining customer data beyond necessary periods; Importance of third-party vendor risk management and real-time data inventory tracking for PII shared with external partners.

What recommendations has the company implemented to improve cybersecurity ?

Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Develop incident response plans specifically for third-party breaches, Implement continuous monitoring of third-party security practices, Strengthen contractual obligations for data protection with vendors, Enhance vendor risk assessment protocols and Enhance third-party vendor oversight and compliance monitoring to prevent future breaches.

References

Where can I find more information about each incident ?

Incident : Data Breach COM020090625

Source: Vermont Office of the Attorney General

Date Accessed: 2023-12-18

Incident : ransomware COM1802018092925

Source: Hackread.com

Date Accessed: 2025-09-26

Incident : ransomware COM1802018092925

Source: Medusa Ransomware Group Dark Web Leak Site

Date Accessed: 2025-09-26

Incident : data breach COM5935559102325

Source: Hackread.com

Date Accessed: 2025-10-19

Incident : data breach COM5935559102325

Source: Microsoft Security Advisory (CVE-2025-10035)

Date Accessed: 2025-10-early

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Source: Benzinga

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Source: FCC Settlement Announcement

Incident : data breach COM0835508112525

Source: Federal Communications Commission (FCC)

Incident : data breach COM0835508112525

Source: TipRanks / Market Analysis

Incident : data breach COM45102545112625

Source: Federal Communications Commission (FCC)

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Source: FCC investigation report (2024)

Incident : data breach COM1764424503

Source: Federal Communications Commission (FCC)

Incident : Data Breach COM1764611939

Source: FCC Enforcement Bureau Order (PDF)

Date Accessed: 2024-10-00

Incident : Data Breach COM1764611939

Source: Reuters

Date Accessed: 2024-10-00

Incident : Data Breach COM1764611939

Source: Light Reading

Date Accessed: 2024-10-00

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at: Vermont Office of the Attorney General (Date Accessed: 2023-12-18); Hackread.com (Date Accessed: 2025-09-26); Medusa Ransomware Group Dark Web Leak Site (Date Accessed: 2025-09-26); Hackread.com (Date Accessed: 2025-10-19); Microsoft Security Advisory (CVE-2025-10035) (Date Accessed: 2025-10-early); Benzinga; FCC Settlement Announcement; Federal Communications Commission (FCC); TipRanks / Market Analysis; Federal Communications Commission (FCC); FCC investigation report (2024); Federal Communications Commission (FCC); FCC Enforcement Bureau Order (PDF) (Date Accessed: 2024-10-00); Reuters (Date Accessed: 2024-10-00); Light Reading (Date Accessed: 2024-10-00).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach COM020090625

Investigation Status: Disclosed (ongoing details unspecified)

Incident : ransomware COM1802018092925

Investigation Status: unconfirmed by Comcast; under monitoring by media (Hackread.com)

Incident : data breach COM5935559102325

Investigation Status: ongoing (no official confirmation or denial from Comcast)

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Investigation Status: Resolved (settlement reached)

Incident : data breach COM0835508112525

Investigation Status: resolved (FCC settlement reached)

Incident : data breach COM45102545112625

Investigation Status: resolved (FCC settlement reached)

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Investigation Status: Resolved (FCC settlement reached)

Incident : data breach COM1764424503

Investigation Status: resolved (FCC settlement reached)

Incident : Data Breach COM1764611939

Investigation Status: Resolved (FCC settlement reached)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Comcast offered one year of credit monitoring and identity protection services to impacted individuals, Public disclosure via Vermont Office of the Attorney General, no public response or acknowledgement, public statement denying blame but committing to improved cybersecurity policies, Public disclosure via FCC, Customer notifications, Advisories for two-factor authentication, Notification to affected individuals by FBCS, Customer notifications (237,703 affected) and Public disclosure via FCC order.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : data breach COM45102545112625

Stakeholder Advisories: FCC public disclosure, Customer notifications with identity theft protection offers.

Customer Advisories: Monitor financial accounts for fraudulent activity, Enable two-factor authentication on Comcast accounts, Utilize provided 12-month credit monitoring service

Incident : data breach COM1764424503

Customer Advisories: FBCS notified affected individuals of the breach

Incident : Data Breach COM1764611939

Customer Advisories: 237,703 customers notified of data exposure

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: FCC public disclosure, Customer notifications with identity theft protection offers, Monitor financial accounts for fraudulent activity, Enable two-factor authentication on Comcast accounts, Utilize provided 12-month credit monitoring service, FBCS notified affected individuals of the breach, and 237,703 customers notified of data exposure.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach COM020090625

Entry Point: Citrix Software Vulnerability

Incident : ransomware COM1802018092925

High Value Targets: Actuarial/Financial Datasets, Insurance Modeling Systems

Data Sold on Dark Web: Actuarial/Financial Datasets, Insurance Modeling Systems

Incident : data breach COM5935559102325

Entry Point: exploitation of GoAnywhere MFT vulnerability (CVE-2025-10035)

High Value Targets: Corporate Data, Operational Scripts

Data Sold on Dark Web: Corporate Data, Operational Scripts

Incident : data breach COM45102545112625

Entry Point: FBCS computer network

High Value Targets: Customer PII, Comcast Account Identifiers

Data Sold on Dark Web: Customer PII, Comcast Account Identifiers

Incident : data breach COM1764424503

High Value Targets: Comcast Customer PII

Data Sold on Dark Web: Comcast Customer PII

Incident : Data Breach COM1764611939

High Value Targets: Comcast Customer PII, CF Medical/Capio Data, Truist Bank Data

Data Sold on Dark Web: Comcast Customer PII, CF Medical/Capio Data, Truist Bank Data

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach COM020090625

Root Causes: Exploitation of unpatched Citrix software vulnerability

Incident : data breach COM5935559102325

Root Causes: Unpatched vulnerability (CVE-2025-10035), Lack of timely response to exploit warnings

Incident : Data Breach COM1920819112525

Root Causes: Likely related to third-party vendor vulnerabilities (as implied by FCC mandate for improved oversight)

Corrective Actions: Implementation of stricter vendor oversight protocols as per FCC requirements

Incident : Data Breach (Third-Party Vendor) COM4835348112525

Root Causes: Vendor (FBCS) security failure; lack of oversight

Corrective Actions: Enhanced vendor oversight and customer-privacy safeguards per FCC compliance plan

Incident : data breach COM0835508112525

Root Causes: Inadequate oversight of third-party vendor (FBCS), Vendor's bankruptcy potentially compromising data security practices, Failure to enforce or verify compliance with Comcast's security standards by the vendor

Corrective Actions: Implementation of stricter vendor compliance plan, Enhanced cybersecurity policies for third-party risk management

Incident : data breach COM45102545112625

Root Causes: Inadequate vendor cybersecurity oversight by Comcast, FBCS network vulnerabilities leading to unauthorized access, Lack of proactive monitoring for exfiltration attempts

Corrective Actions: Implementation of compliance program with enhanced vendor oversight, Stricter customer privacy protections, Improved information security practices across operations

Incident : Data Breach (Third-Party Vendor) COM4832048112725

Root Causes: Inadequate cybersecurity measures by third-party vendor, Lack of robust vendor oversight by Comcast

Corrective Actions: Enhanced vendor accountability measures, Stricter security protocols for third-party data handling

Incident : data breach COM1764424503

Root Causes: Comcast’s Failure To Oversee FBCS’s Data-Security Practices Post-Contract Termination, FBCS’s Retention Of Comcast Customer Data Beyond The End Of The Business Relationship, Inadequate Security Measures At FBCS Leading To Unauthorized Access

Corrective Actions: $1.5 Million Civil Penalty Paid To FCC, Likely Internal Policy Reviews For Third-Party Vendor Management

Incident : Data Breach COM1764611939

Root Causes: Inadequate Third-Party Vendor Security Controls, Delayed Breach Notification By FBCS (March To July 2024)

Corrective Actions: $1.5M FCC Settlement, Enhanced Vendor Oversight, Improved Data Inventory Tracking

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Mandiant, improved cybersecurity policies (vendor monitoring).

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Implementation of stricter vendor oversight protocols as per FCC requirements, Enhanced vendor oversight and customer-privacy safeguards per FCC compliance plan, Implementation Of Stricter Vendor Compliance Plan, Enhanced Cybersecurity Policies For Third-Party Risk Management, Implementation Of Compliance Program With Enhanced Vendor Oversight, Stricter Customer Privacy Protections, Improved Information Security Practices Across Operations, Enhanced Vendor Accountability Measures, Stricter Security Protocols For Third-Party Data Handling, $1.5 Million Civil Penalty Paid To FCC, Likely Internal Policy Reviews For Third-Party Vendor Management, $1.5M FCC Settlement, Enhanced Vendor Oversight, Improved Data Inventory Tracking.

Additional Questions

General Information

What was the amount of the last ransom demanded ?

Last Ransom Demanded: The amount of the last ransom demanded was $1.2 million (for data deletion or to prevent leak/sale).

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking groups in the last incident were Unknown, Medusa Ransomware Group, Medusa ransomware group and cybercriminals.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was in September 2015.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-10-00.

Impact of the Incidents

What was the highest financial loss from an incident ?

Highest Financial Loss: The highest financial loss from an incident was 25 million.

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were Personal details, Home Address, Wi-Fi Name, Wi-Fi Password, partial Social Security Numbers, partial home addresses, Email addresses and passwords, Hashed passwords, Usernames, Personal data of approximately 238,000 customers, including names, addresses, Social Security numbers, dates of birth, and Comcast account details, usernames, hashed passwords, names, contact information, last four digits of Social Security numbers, dates of birth, secret questions and answers, actuarial reports, product management data, insurance modeling scripts, claim analytics, customer data processing, claim management systems, 834 GB (decompressed), files including Esur_rerating_verification.xlsx, Claim Data Specifications.xlsm, Python/SQL scripts, Customer data (237,000 records), Personal data of ~237,000 customers, personal information of ~237,000 customers, names, addresses, Social Security numbers, dates of birth, Comcast account identifiers, Names, Addresses, Account-related details, names, addresses, dates of birth, partial/full Social Security numbers, account numbers, service purchase details, driver’s license numbers (in some cases), security questions for account verification, Home addresses and Social Security numbers.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant system affected in an incident was Xfinity Website and Login Page and FBCS computer network and FBCS (Financial Business and Consumer Solutions) systems.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Mandiant.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measure taken in the most recent incident was: patched the bug quickly.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Customer data (237,000 records), Social Security numbers, personal information of ~237,000 customers, Addresses, service purchase details, Names, Email addresses and passwords, driver’s license numbers (in some cases), secret questions and answers, Personal data of approximately 238,000 customers, including names, addresses, Social Security numbers, dates of birth, and Comcast account details, addresses, Wi-Fi Name, Hashed passwords, product management data, usernames, Wi-Fi Password, Home Address, customer data processing, Personal details, claim analytics, last four digits of Social Security numbers, account numbers, partial/full Social Security numbers, partial home addresses, actuarial reports, dates of birth, files including Esur_rerating_verification.xlsx, Claim Data Specifications.xlsm, Python/SQL scripts, Usernames, security questions for account verification, names, hashed passwords, partial Social Security Numbers, contact information, Comcast account identifiers, 834 GB (decompressed), insurance modeling scripts, Personal data of ~237,000 customers, claim management systems, Account-related details and Home addresses.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 28.5M.

Ransomware Information

Regulatory Compliance

What was the highest fine imposed for a regulatory violation ?

Highest Fine Imposed: The highest fine imposed for a regulatory violation was $1.5 million, $1.5 million, $1.5 million (FCC), $1.5 million, $1.5 million, $1.5 million, $1.5 million (FCC settlement).

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was FCC settlement, Settlement with FCC; mandated compliance plan, settlement with FCC including compliance plan, FCC settlement agreement, FCC investigation and settlement, FCC enforcement action, FCC Enforcement Bureau order, Compliance plan with vendor oversight requirements.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Risks of retaining customer data beyond necessary periods, Importance of third-party vendor risk management and real-time data inventory tracking for PII shared with external partners.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Expand customer education on two-factor authentication and fraud monitoring, Provide identity theft protection services to affected customers, Develop incident response plans specifically for third-party breaches, Implement continuous monitoring of third-party security practices, Implement stricter vendor data-security audits, even after contract termination, Continuous monitoring of vendor security practices, Define cybersecurity obligations and breach repercussions in vendor contracts, Enforce contractual obligations for timely deletion of customer data by third parties, Implement stricter vendor cybersecurity audits, Strengthen contractual obligations for data protection with vendors, Enhance vendor risk assessment protocols, Mandate periodic security audits for vendors with detailed reporting requirements, Enhance monitoring of third-party vendors handling sensitive customer information, Enhance third-party vendor oversight and compliance monitoring to prevent future breaches, Develop incident response protocols for vendor-originated breaches, Enhance real-time monitoring of PII shared with third parties and Enhance encryption and access controls for sensitive customer data.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Medusa Ransomware Group Dark Web Leak Site, Benzinga, Hackread.com, TipRanks / Market Analysis, FCC Enforcement Bureau Order (PDF), Reuters, Federal Communications Commission (FCC), Microsoft Security Advisory (CVE-2025-10035), Vermont Office of the Attorney General, FCC investigation report (2024), FCC Settlement Announcement and Light Reading.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Disclosed (ongoing details unspecified).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was FCC public disclosure, customer notifications with identity theft protection offers.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisories issued were: Monitor financial accounts for fraudulent activity; Enable two-factor authentication on Comcast accounts; Utilize provided 12-month credit monitoring service; FBCS notified affected individuals of the breach; 237,703 customers notified of data exposure.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry points used by an initial access broker were FBCS computer network, Citrix Software Vulnerability and exploitation of GoAnywhere MFT vulnerability (CVE-2025-10035).

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Exploitation of unpatched Citrix software vulnerability, unpatched vulnerability (CVE-2025-10035), lack of timely response to exploit warnings, Likely related to third-party vendor vulnerabilities (as implied by FCC mandate for improved oversight), Vendor (FBCS) security failure; lack of oversight, Inadequate oversight of third-party vendor (FBCS), Vendor's bankruptcy potentially compromising data security practices, Failure to enforce or verify compliance with Comcast's security standards by the vendor, Inadequate vendor cybersecurity oversight by Comcast, FBCS network vulnerabilities leading to unauthorized access, Lack of proactive monitoring for exfiltration attempts, Inadequate cybersecurity measures by third-party vendor, Lack of robust vendor oversight by Comcast, Comcast’s failure to oversee FBCS’s data-security practices post-contract termination, FBCS’s retention of Comcast customer data beyond the end of the business relationship, Inadequate security measures at FBCS leading to unauthorized access, Inadequate third-party vendor security controls, Delayed breach notification by FBCS (March to July 2024).

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was Implementation of stricter vendor oversight protocols as per FCC requirements, Enhanced vendor oversight and customer-privacy safeguards per FCC compliance plan, Implementation of stricter vendor compliance plan, Enhanced cybersecurity policies for third-party risk management, Implementation of compliance program with enhanced vendor oversight, Stricter customer privacy protections, Improved information security practices across operations, Enhanced vendor accountability measures, Stricter security protocols for third-party data handling, $1.5 million civil penalty paid to FCC, Likely internal policy reviews for third-party vendor management, $1.5M FCC settlement, Enhanced vendor oversight, Improved data inventory tracking.


Latest Global CVEs (Not Company-Specific)

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.

Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.

Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying); however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.

Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.

Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.

Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=comcast' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.