Telecom providers face legal and regulatory fallout after major data breaches and service disruption
Comcast moved toward resolving litigation tied to its 2023 Citrix Bleed-linked breach, after a federal judge in Pennsylvania granted preliminary approval to a $117.5M settlement covering two dozen class actions. The incident was reported as potentially affecting ~30M current and former customers; proposed relief includes three years of credit/identity monitoring plus either reimbursement of documented losses (up to $10,000) or a $50 cash option, while Comcast continues to deny liability despite not opposing preliminary approval.
Separately, South Korea’s SK Telecom rejected a government-affiliated consumer agency’s proposed compensation framework for a personal data leak, declining a plan that would pay 100,000 won (~$69.40) per affected petitioner and potentially scale to a much larger total cost; the rejection leaves claimants to pursue individual civil suits. In a different telecom-related development not tied to a breach, the FCC opened a dedicated intake channel to collect customer reports as it investigates the January 14 Verizon outage that disrupted calling/texting for roughly 10 hours, including impacts to 911 access; Verizon attributed the disruption to a software issue and offered customer credits.
Related Entities
Organizations
Sources
Related Stories
Class-action settlements tied to data exposure and privacy claims
Comcast agreed to pay **$117.5M** to settle a class action tied to a large-scale breach disclosed in late 2023 that potentially affected **31M+** people. Comcast attributed the intrusion to **CitrixBleed** (Citrix NetScaler ADC/Gateway), a vulnerability that can enable **session hijacking** and credential theft; researchers warned stolen session tokens could remain valid even after patching, extending attacker access. The proposed settlement (preliminarily approved) provides reimbursement for documented losses (up to **$10,000** per person) and compensation for time spent responding, while Comcast denies wrongdoing. Separately, Google agreed to pay **$135M** to settle Android users’ claims that devices transmitted data to Google servers over **cellular networks** in the background without meaningful consent, with individual payouts capped (reported up to **$100**) and additional **injunctive relief** requiring clearer disclosures and express consent during setup. Two dermatology practices also reached settlements over cybersecurity incidents exposing patient data; one New Jersey practice reported unauthorized network access spanning **Dec 2023–Mar 2024** and exposure of **PHI/PII** (including SSNs and treatment/insurance data) affecting **373,630** individuals, offering cash benefits plus credit monitoring/identity protection while denying liability.
1 months agoCustomer Data Breaches at Major Telecommunications Providers
British telecommunications company Brsk confirmed unauthorized access to one of its customer database systems, resulting in the exposure of over 230,000 customer records. The stolen data, which was advertised for sale on a cybercrime forum, included full names, email and home addresses, installation details, location data, phone numbers, and indicators of vulnerability status. Brsk stated that no financial information, passwords, or account credentials were compromised, and there is no evidence of misuse so far. The company has notified affected customers, offered them 12 months of free monitoring services, and reported the incident to relevant authorities, including the ICO and police. Separately, Comcast agreed to pay a $1.5 million fine to settle an FCC investigation into a February 2024 vendor data breach that exposed the personal and financial information of nearly 275,000 customers. The breach occurred at Financial Business and Consumer Solutions (FBCS), a former debt collection vendor, and included names, addresses, Social Security numbers, dates of birth, and account numbers. Comcast has committed to enhanced vendor oversight, regular risk assessments, and improved compliance reporting as part of the settlement. Both incidents highlight the ongoing risks to customer data in the telecommunications sector, whether from direct attacks or third-party vendor breaches.
3 months ago
SK Telecom Lawsuit to Overturn Record Fine for USIM Data Breach Disclosure Delays
**SK Telecom** filed a lawsuit with the **Seoul Administrative Court** seeking to revoke a record **135 billion won (US$91 million)** penalty imposed by South Korea’s **Personal Information Protection Commission (PIPC)** following a cyberattack and subsequent data leak affecting the carrier’s entire **23 million-user** base. Reporting indicates the fine was issued after SK Telecom **belatedly disclosed** a breach of its servers that exposed **universal subscriber identity module (USIM)** information, and the company moved to challenge the decision just ahead of the deadline to seek revocation. The PIPC penalty is described as the **largest ever** issued by the regulator since its establishment, exceeding the combined fines levied against **Meta** and **Google** in 2022. In response to the incident and regulatory scrutiny, SK Telecom offered **free USIM replacements** to users and is expected to argue that its post-incident security spending and reforms, along with the absence of reported direct subscriber financial losses, warrant reconsideration and that the fine is disproportionate compared with prior enforcement actions.
1 months ago