Hacker Group Medusa Claims Comcast Breach

According to Cybernews, Medusa Ransomware posted its demands on the dark web last Friday, along with 33 images as proof of the 834.4 GB of stolen data. The screenshots allegedly show financial documents and sensitive information related to both employees and customers. Comcast has not confirmed the breach.

“The size of the data leak indicates that it could be a serious breach, strongly suggesting the stolen files include a wide variety of data types far beyond the initially revealed documents,” said Mantas Sabeckis, Information Security Researcher at Cybernews. “The data in these documents dates as early as 2020 up to 2025, leading us to believe that they’ve breached the core business system and exfiltrated sensitive files.”

The leaked images reportedly include a file tree showing stolen directories from different departments. Examples include Human Resources (training, employment, and compliance records) and Security (logs and reports).

“The file tree list reveals that attackers have exfiltrated not just regular files but also backups of multiple production databases, human resources data, customer and billing data, insurance operations, and internal IT and security data,” said Sabeckis.

The hackers also attached a countdown timer to their dark web post, giving Comcast about 11 days to pay the $1.2 million ransom and delete the data. A potential buyer could also access the data by paying the requested amount.

If Medusa’s claims prove true, this would not be Comcast’s first cybersecurity incident. Last year, Comcast and Truist Bank announced a data breach involving their partner Financial Business and Consumer Solutions (FBCS) in October. Its internet company Xfinity, was also breached by the end of last year, affecting around 32 million customers.