In late 2023 a vulnerability in Citrix software gave hackers a window into Xfinity’s internal networks. Between Oct. 16 and Oct. 19 the attackers siphoned usernames, hashed passwords and, for many customers, personally identifying data such as names, contact details, last‑four SSN digits, birth dates and security‑question answers. Comcast disclosed the breach after notifying federal authorities.

A class‑action suit followed, culminating in a $117.5 million settlement that Comcast will distribute to the 36 million affected users. Claimants receive a unique settlement member ID via email; those who cannot locate the notice can retrieve the ID through an online lookup form. Recipients choose either a flat $50 payment or submit documentation of actual out‑of‑pocket losses to seek a higher award.

Comcast’s settlement process underscores how third‑party software flaws can ripple across millions of consumers. By offering a cash option, the company streamlines payouts, yet the alternative claims route may favor those with verifiable expenses. Ultimately, the $117.5 million fund provides a tangible, though limited, remedy for a breach that exposed deeply personal information.

Customers seeking their payout should locate the settlement ID, submit the claim form, and decide between the guaranteed cash sum or a higher reimbursement backed by receipts. The deadline for filing remains open, so affected Xfinity users must act promptly to claim their share.