Brightspeed, a telecommunications company operating across 20 U.S. states, is investigating claims of a major data breach following a statement from the hacking group known as Crimson Collective.
The group claims it gained access to the personal data of more than one million customers, including details that could be used for financial fraud and identity theft.
Crimson Collective made the announcement through its Telegram channel, accompanied by what appears to be proof of access shared with cybersecurity researchers. Brightspeed has not confirmed the breach but has stated it is treating the situation seriously and will release further updates as its internal investigation progresses.
Why It Matters: The possible breach places a large customer base at risk of data misuse and could leave Brightspeed facing significant consequences. This case also points to persistent vulnerabilities within internet service providers and the growing use of extortion tactics by hacker groups.
- Brightspeed Has Acknowledged Reports and Launched an Internal Review: The company released a public statement indicating that its security team is actively investigating the situation following claims made by Crimson Collective. Brightspeed emphasized that it maintains strict monitoring protocols and information security practices, but will need time to determine whether the alleged theft occurred and what systems may have been accessed.
- Crimson Collective Claims Possession of Detailed Personal and Financial Data: The hacking group posted on Telegram that it had stolen data affecting over one million individuals, including personal identifiers such as names, email addresses, phone numbers, billing information, service records, and partial payment card data. The group also suggested they might release a sample of the information, hinting at an extortion attempt and pressuring Brightspeed to respond.
- Proof Shared With Security Researchers Suggests Access to Customer Records: Cybersecurity experts who monitor activity on the dark web reported receiving samples of data allegedly stolen from Brightspeed. These records included what appeared to be appointment schedules, user ID-linked information, and service history. Analysts are reviewing the material to verify its authenticity and trace the source of the data.
- Hacked By a Repeat Offender: Crimson Collective is linked to earlier incidents, including the 2025 Red Hat breach, where hackers accessed approximately 570 gigabytes of internal development files. In that case, they collaborated with other groups and published stolen data in an attempt to pressure the company. That breach later affected third parties, including Nissan, which disclosed a customer data exposure.
- Attackers Continue to Target Vulnerable Cloud Infrastructure and Privileged Accounts: In addition to direct attacks on company systems, Crimson Collective has also pursued unauthorized access to cloud-based environments using compromised credentials. They have created unauthorized user accounts to move through systems unnoticed, giving them access to sensitive files and administrative settings. These methods raise concerns about how infrastructure is being monitored and secured by service providers like Brightspeed.
Go Deeper:
- US broadband provider Brightspeed investigates breach claims – BleepingComputer
- Brightspeed Investigating Cyberattack – SecurityWeek


