The Medusa ransomware group has publicly disclosed 186.36 GB of compressed data, which they allege was stolen from Comcast Corporation, a prominent global media and technology entity based in the United States. As highlighted in an earlier report by Hackread.com, the group claimed to have infiltrated Comcast in late September 2025, acquiring a total of 834 GB of sensitive information.
The leaked archive, when decompressed, is expected to represent the claimed 834 GB of purloined data. The data release occurred on Sunday, October 19, after the ransomware group initially sought $1.2 million from potential buyers for access to the files. This same figure was reportedly demanded from Comcast to prevent the information from being leaked or sold.
The dataset analyzed by Hackread.com in context of this breach included various records, such as Excel files named Esur_rerating_verification.xlsx and Claim Data Specifications.xlsm, alongside multiple Python and SQL scripts related to auto premium impact analysis. The nature of this data raises concerns about the potential exposure of sensitive customer information and corporate operations.
Despite reaching out for comment, Hackread.com did not receive any acknowledgment or denial from Comcast regarding the incident. The leaked information is now available in 47 segmented files under the label Comcast_FS—45 of which are 4 GB each, with the remaining file sized at 2 GB, underscoring the extensive nature of the data breach.
The Medusa group has built a notorious reputation for targeting large organizations. This follows their previous attack on NASCAR in April 2025, where they demanded a ransom of $4 million—an incident confirmed as a data breach later that summer. This pattern suggests a methodical approach to extorting companies, particularly when negotiations falter.
In a related development, earlier this month, Microsoft issued a security advisory alerting organizations to the Medusa group’s exploitation of the GoAnywhere MFT vulnerability (CVE-2025-10035, CVSS 10.0), enabling unauthenticated remote code execution. This highlights the group’s continued capacity to leverage critical vulnerabilities in well-known software solutions to facilitate their attacks.
As Comcast becomes an additional entry on the growing roster of ransomware attack victims, it reinforces the ongoing cybersecurity risks facing major corporations. Notably, in 2023, Comcast’s Xfinity brand underwent a significant breach linked to a critical Citrix software vulnerability, affecting over 35.9 million user accounts. This incident serves as a stark reminder for business owners to prioritize robust cybersecurity measures to fend off potential threats in this rapidly evolving landscape.
