Medusa ransomware group claims breach of Comcast Corporation, demands $1.2 Million ransom

The Medusa ransomware group claims they have breached Comcast Corporation, a media and technology conglomerate. 

The alleged breach was published on the group's dark web leak site on September 26, 2025. Medusa claims to have stolen 834.4 gigabytes of sensitive corporate data. They are demanding a ransom of $1.2 million. 

To prove their claims, the Medusa group posted approximately 20 screenshots allegedly showing internal Comcast files and shared a massive file listing containing 167,121 entries, suggesting they obtained access to highly sensitive corporate information. 

Sample file paths shared by the attackers include documents such as "Esur_rerating_verification.xlsx," "Claim Data Specifications.xlsm," and Python and SQL scripts related to insurance operations and premium calculations. The nature of these files suggests the breach may have exposed internal business intelligence, proprietary financial models, and potentially sensitive customer information related to insurance and claim processing operations.

The number of affected individuals has not been disclosed. 

Comcast has not publicly confirmed or denied the breach claims made by Medusa.

Update - as of 23rd of October 2025, the Medusa ransomware group leaked 186.36 GB of allegedly stolen data from Comcast Corporation. The leaked data is now available for download in 47 split files titled Comcast_FS

Comcast has not publicly responded to the incident.