Medusa Ransomware Alleges Comcast Data Breach, Seeks $1.2 Million Ransom

The Medusa ransomware group has claimed responsibility for a significant ransomware attack targeting Comcast Corporation, a prominent global media and technology enterprise recognized for its broadband, television, and film services.

According to evidence posted on the group’s dark web leak site, Medusa claims to have exfiltrated approximately 834.4 gigabytes of data and is asking $1.2 million from any interested buyer who wants access to it. The same sum has been set as the ransom for Comcast should the company choose to have the data deleted rather than leaked or sold.

To substantiate their claims, Medusa has released around 20 screenshots purportedly showcasing internal Comcast documents. Additionally, they provided a comprehensive file listing with 167,121 entries, which appears to include sensitive information related to actuarial reports, product management, insurance modeling scripts, and claims analytics. The documents hinted at various file paths, including Esur_rerating_verification.xlsx and Claim Data Specifications.xlsm, along with Python and SQL scripts connected to auto premium impact analysis.

Medusa’s dark web leak site claims Comcast as a victim – Information published on September 26, 2025 (Image credit: Hackread.com)

Comcast and Cybersecurity

Comcast also owns NBCUniversal, which encompasses NBC, Telemundo, Universal Pictures, and a variety of television networks and streaming platforms, including Peacock. While the company has not frequently been in the news for large-scale cyber incidents, a report from Hackread.com in 2015 disclosed that over 200,000 Comcast user credentials were found on the dark web. At the time, Comcast attributed the leak to credential aggregation rather than a direct breach, highlighting the complexities associated with old leaks resurfacing alongside new attacks.

The Medusa ransomware group has a history of publishing file listings and partial screenshots as proof of compromise, while withholding the bulk of data to intensify ransom pressure. The files in this incident suggest a focus on actuarial and financial datasets, potentially implicating customer data processing, insurance calculations, and claims management systems.

Medusa Aims at Major American Companies

Previous actions by Medusa illustrate a pattern where they release portions of data if ransom demands remain unmet, exerting additional pressure on victims to engage in negotiations. This year alone, the group has orchestrated several high-profile attacks. Notably, they targeted NASCAR with a $4 million ransom demand announced on April 8, 2025. This incident was subsequently confirmed as a data breach in July 2025, reinforcing the group’s capacity to follow through on threats when negotiations stall.

As of this writing, Comcast has not publicly confirmed or denied the breach. Should sensitive customer or financial data be involved, the company may face regulatory scrutiny, especially considering the scale of the alleged data leak.

In alignment with the MITRE ATT&CK framework, this incident could involve various tactics such as initial access through phishing or exploiting unpatched vulnerabilities, persistence through backdoors, and data exfiltration techniques to secure sensitive data. These tactics emphasize the need for robust cybersecurity measures and the importance of continuous monitoring and incident response strategies. As the situation evolves, Hackread.com will remain vigilant for updates regarding Comcast’s response and any further disclosures from Medusa.
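The monitoring the paragraph above calls for has a concrete shape on the exfiltration side: a claimed transfer of hundreds of gigabytes should stand out in egress telemetry long before a leak-site post. The following is an added defender-side example, not code from the article or from Hackread.com, and it makes up its own inputs. It assumes a minimal egress log (timestamp, source host, destination, bytes sent) that is constructed inline, and the 100 GB absolute threshold and 10× baseline ratio are assumed tuning values, not figures from the incident. It aggregates outbound bytes per host per day and flags hosts whose volume on a given day is both large in absolute terms and far above their own median on other days, so a busy but steady file server is not flagged while a sudden multi-hundred-gigabyte burst is.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample egress records for illustration only (not from the article):
# timestamp, source host, destination IP (documentation ranges), bytes sent.
# fileserver-07 has a modest daily baseline and then a ~400 GB burst on 2025-09-22.
SAMPLE_LOG = """\
2025-09-20T02:10:00Z,fileserver-07,203.0.113.8,1200000000
2025-09-20T09:30:00Z,fileserver-07,198.51.100.20,800000000
2025-09-21T03:00:00Z,fileserver-07,203.0.113.8,1500000000
2025-09-22T01:15:00Z,fileserver-07,203.0.113.8,210000000000
2025-09-22T02:40:00Z,fileserver-07,203.0.113.8,190000000000
2025-09-20T10:00:00Z,laptop-112,198.51.100.20,50000000
2025-09-21T10:00:00Z,laptop-112,198.51.100.20,60000000
2025-09-22T10:00:00Z,laptop-112,198.51.100.20,55000000
"""

GB = 10**9


def parse_records(text):
    """Parse CSV egress lines into (timestamp, src, dst, bytes) tuples; skips blanks and '#' comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, nbytes = line.split(",")
        records.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, dst, int(nbytes)))
    return records


def daily_egress(records):
    """Return {src_host: {'YYYY-MM-DD': total_bytes_out}} aggregated from the parsed records."""
    totals = defaultdict(lambda: defaultdict(int))
    for ts, src, _dst, nbytes in records:
        totals[src][ts.date().isoformat()] += nbytes
    return totals


def find_exfil_candidates(totals, day, abs_threshold=100 * GB, ratio=10.0):
    """Flag hosts whose egress on `day` is at least abs_threshold AND at least
    `ratio` times their median daily egress on other days (assumed thresholds).
    A host with no other days of history is flagged on the absolute threshold alone.
    Returns a list of (host, bytes_on_day, baseline_bytes)."""
    flagged = []
    for src, per_day in totals.items():
        today = per_day.get(day, 0)
        other_days = [b for d, b in per_day.items() if d != day]
        baseline = median(other_days) if other_days else 0
        if today >= abs_threshold and (baseline == 0 or today >= ratio * baseline):
            flagged.append((src, today, baseline))
    return flagged


if __name__ == "__main__":
    totals = daily_egress(parse_records(SAMPLE_LOG))
    for host, today, baseline in find_exfil_candidates(totals, "2025-09-22"):
        print(f"{host}: {today / GB:.1f} GB on 2025-09-22 vs baseline {baseline / GB:.2f} GB/day")
```

In practice the baseline window would be longer than two days and the input would come from firewall, proxy or NetFlow exports rather than an inline string, but the two-part test (absolute size plus deviation from the host's own norm) is what keeps the alert useful: it ignores hosts that legitimately move a lot of data every day and surfaces the one-off bulk transfer that a staged exfiltration produces.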
