The Medusa ransomware group has claimed responsibility for a cyberattack on Comcast Corporation, alleging it exfiltrated 834 gigabytes of data from the media and technology giant. On its dark web site, the group set a $1.2 million ransom, demanding payment either to prevent the data from being leaked or to allow outside buyers to access it. To support its claims, Medusa published about 20 screenshots of internal files and a directory containing over 167,000 entries, including actuarial reports, insurance modelling scripts, and SQL databases.

The attack was disclosed on September 26, 2025, and appears to involve financial and actuarial datasets, including files tied to insurance calculations and claim management. Medusa is known for releasing file listings and partial screenshots to pressure victims, escalating leaks if ransoms go unpaid. Comcast, which owns NBCUniversal and operates major networks, film studios, and streaming platforms, has not yet confirmed the breach. If verified, the company could face regulatory scrutiny due to the potential exposure of sensitive customer or business data.

Medusa has targeted several high-profile organizations in 2025, including NASCAR, where a $4 million demand was followed by a confirmed data breach. Cybersecurity experts warn the Comcast incident underscores the ongoing risk posed by ransomware groups. Darren Guccione, CEO of Keeper Security, said the case highlights the need for stronger defenses such as phishing-resistant multi-factor authentication, zero-trust security models, and privileged access controls to minimize the impact of future attacks.