The Medusa ransomware group has taken responsibility for a cyberattack on Comcast, the global media and technology giant. The group claims to have stolen 834.4 gigabytes of data and is demanding a $1.2 million ransom. This same amount is also being offered to interested buyers who want to download the data, should Comcast decline to pay for its deletion. This tactic is typical for Medusa, which is known for trying to increase pressure on its victims by offering stolen data for sale on the dark web. The group often publishes file listings and partial screenshots as proof of its claims.
As evidence of the breach, Medusa has posted around 20 screenshots that allegedly show internal Comcast files. Additionally, the group shared a massive file listing with 167,121 entries. This list suggests the data includes sensitive information such as actuarial reports, product management data, insurance modeling scripts, and claim analytics. The file paths revealed in the listing include files like “Esur_rerating_verification.xlsx,” “Claim Data Specifications.xlsm,” and Python and SQL scripts related to auto premium impact analysis.
The nature of the stolen files points toward highly sensitive financial and actuarial datasets. Some of these files appear to involve insurance calculations, customer data processing, and claim management systems. While Comcast is not typically in the news for large-scale cyberattacks, this isn’t the first time the company has faced a data security issue. In 2015, a report from Hackread.com revealed that over 200,000 Comcast user credentials had been leaked on the dark web. At the time, Comcast asserted that the data was likely from a credential aggregation and not a direct breach of its systems.
The previous leak in 2015 highlights a common challenge for companies: separating new cyber intrusions from old data leaks. Old information that was previously exposed can resurface years later, complicating investigations and potentially misleading the public about the source of the data. This makes it difficult to determine whether a new claim of a breach is legitimate or if it’s based on information that has been circulating on the dark web for years.
The current situation with Medusa, however, appears to be a fresh intrusion. The group’s tactics, combined with the detailed nature of the file listing, suggest that they have indeed gained access to and exfiltrated a significant amount of data from Comcast’s systems. The company has not yet commented on the claims, but if they are verified, this could have major implications for the company and its customers, especially given the sensitive nature of the information involved. This is a developing story, and it is unclear what actions Comcast will take.
Reference:
