Medusa Ransomware Claims Comcast Data Breach, Demands $1.2M


The Medusa ransomware group is claiming responsibility for a ransomware attack on Comcast Corporation, a global media and technology company best known for its broadband, television, and film businesses.

According to the group’s dark web leak site, they exfiltrated 834.4 gigabytes of data and are demanding $1.2 million for interested buyers to download it. The same sum has been set as ransom for Comcast if the company wants the data deleted rather than leaked or sold.

To back its claims, Medusa has posted around 20 screenshots allegedly showing internal Comcast files. The group also shared a massive file listing of 167,121 entries, suggesting access to actuarial reports, product management data, insurance modelling scripts, and claim analytics.

The sample paths include files such as Esur_rerating_verification.xlsx and Claim Data Specifications.xlsm, as well as Python and SQL scripts related to auto premium impact analysis.

Medusa Ransomware group’s dark web leak site claiming Comcast as its victim – These claims were published on Friday, September 26, 2025 (Image credit: Hackread.com)

Comcast and Cybersecurity

For your information, Comcast owns NBCUniversal, which operates NBC, Telemundo, Universal Pictures, Sky (in Europe), and a wide range of TV networks, film studios, and streaming platforms like Peacock.

Although the company has not been in the news over large-scale cyber attacks, a 2015 report published by Hackread.com revealed that over 200,000 Comcast user credentials were leaked on the dark web.

At the time, Comcast stated the data likely came from credential aggregation rather than a direct breach of its systems. The case underscored how previously exposed information can resurface years later, complicating efforts to separate legacy leaks from fresh intrusions.

Medusa ransomware is known for publishing file listings and partial screenshots as proof of compromise while holding back the bulk of the data to increase ransom pressure. In this case, the nature of the files points toward actuarial and financial datasets, some of which appear to involve insurance calculations, customer data processing, and claim management systems.

Medusa Aims At Top American Firms

Past Medusa incidents have shown that the group tends to release portions of data if demands are not met, increasing the pressure on victims to negotiate. The cyber criminal group has also been behind several high-profile attacks this year.

On April 8, 2025, the group announced it had targeted NASCAR with a $4 million ransom demand. That incident was later confirmed as a data breach in July 2025, showing the group had followed through on previous threats when negotiations failed.

At the time of writing, Comcast has not publicly confirmed or denied the breach. The company may face regulatory scrutiny if sensitive customer or financial data is involved, particularly given the sheer size of the alleged leak.

Hackread.com has reached out to Comcast for comment and will continue monitoring the situation for updates on the company’s response and any further releases from Medusa.






About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.