Brightspeed Investigates Alleged Data Breach Impacting Over 1 Million Customers
A U.S. internet service provider (ISP), Brightspeed, is investigating a claimed security breach after the hacking group Crimson Collective alleged it obtained sensitive data on over one million customers and disrupted connectivity. Brightspeed, which provides high-speed fiber internet, digital voice, and business services across 20 states, has not confirmed the breach or the extent of the impact.
On January 4, Crimson Collective posted on Telegram, asserting it had acquired personally identifiable information (PII), including:
- Account details (names, emails, billing addresses, phone numbers, service status, and network assignments)
- Geolocation data (latitude/longitude coordinates, service types)
- Payment records (transaction IDs, dates, amounts, invoice numbers, card types, last four digits of card numbers)
- Payment methods (masked credit card numbers, expiry dates, cardholder names, BINs)
- Appointment and order records
The group later taunted Brightspeed on January 6, claiming it had "disconnected a lot of your users’ home internet" and suggesting the ISP check for customer complaints. The method of the alleged breach remains unclear.
This is not Crimson Collective’s first high-profile attack. In September, the group breached Red Hat’s private GitLab repositories, stealing 570GB of data—including 800 Customer Engagement Reports (CERs)—from 28,000 internal projects. One affected customer was later revealed to be Nissan Fukuoka Sales.
Cybersecurity experts warn that breaches targeting ISPs carry broader risks, given their role in critical communications. Jacob Krell of Suzu Labs noted that such incidents can have societal and national security implications, eroding public trust and disrupting service continuity. He also highlighted the evolving cybercrime economy, where stolen data is frequently resold or reused, prolonging the fallout beyond the initial breach.
Source: https://www.infosecurity-magazine.com/news/hackers-disconnect-brightspeed/
Brightspeed cybersecurity rating report: https://www.rankiteo.com/company/brightspeed
{
  "id": "BRI1767785538",
  "linkid": "brightspeed",
  "type": "Breach",
  "date": "1/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': 'Over 1 million',
                        'industry': 'Telecommunications',
                        'location': 'United States',
                        'name': 'Brightspeed',
                        'type': 'Internet Service Provider (ISP)'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': 'Over 1 million',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (PII, payment information)',
                 'type_of_data_compromised': ['Account master records (names, '
                                              'email, service/billing '
                                              'addresses, phone numbers, '
                                              'account status, network type, '
                                              'consent flags, billing system, '
                                              'service instance, network '
                                              'assignment, site IDs)',
                                              'Address latitude and longitude '
                                              'coordinates, service type, '
                                              'marketing profile codes',
                                              'Payment history (payment IDs, '
                                              'dates, amounts, invoice '
                                              'numbers, card types, last four '
                                              'digits of card numbers)',
                                              'Payment methods (default '
                                              'payment method IDs, gateways, '
                                              'masked credit card numbers, '
                                              'expiry dates, BINs, cardholder '
                                              'names and addresses, status '
                                              'flags)',
                                              'Appointment/order records for '
                                              'billing accounts']},
 'date_publicly_disclosed': '2024-01-04',
 'description': 'A US internet service provider (ISP) experienced a security '
                'breach where threat actors claimed to have obtained '
                'information on over one million customers and disrupted their '
                'connectivity. The hacking group Crimson Collective posted '
                'samples of personally identifiable information (PII) and '
                "claimed responsibility for disconnecting users' home "
                'internet.',
 'impact': {'brand_reputation_impact': 'High',
            'customer_complaints': 'Likely due to service disruptions',
            'data_compromised': 'Over 1 million customer records',
            'identity_theft_risk': 'High',
            'operational_impact': 'Disrupted home internet services for '
                                  'customers',
            'payment_information_risk': 'High',
            'systems_affected': 'Customer connectivity, billing systems'},
 'investigation_status': 'Ongoing',
 'motivation': 'Extortion, Data Theft',
 'ransomware': {'data_exfiltration': 'Yes'},
 'references': [{'date_accessed': '2024-01-04',
                 'source': 'Telegram (Crimson Collective)'},
                {'source': 'News Article'}],
 'threat_actor': 'Crimson Collective',
 'title': 'Brightspeed Customer Data Breach and Service Disruption by Crimson '
          'Collective',
 'type': 'Data Breach, Service Disruption'}