British telco Brsk is investigating claims that it was attacked by cybercriminals who made off with more than 230,000 files.
An advert posted to a cybercrime forum last week claimed to list 230,105 records stolen from the telco, with interested parties invited to bid for access to the data via Telegram.
According to the advert, the stolen data includes customers' full names, email and home addresses, installation details, location data, phone numbers, and indicators of whether they are considered a vulnerable person.
The Register asked Brsk to confirm the veracity of the advert, but it did not respond.
However, a company statement issued to ISP Review confirmed a database breach, with affected customers being offered fraud protection services.
A spokesperson said: "Brsk is investigating an incident involving unauthorized access to one of our customer database systems. We have established that the information involved is limited to basic customer contact information. No financial information, passwords, or account login credentials were affected. At this stage, there is no evidence to suggest that any of the information has been misused.
"We understand that incidents of this nature can cause concern, and we are treating this matter with the highest level of seriousness. We have informed affected customers, and as an additional precaution, we are offering them 12 months of free personal, financial, and web-monitoring services provided by Experian. We have also engaged spe
Source: https://www.theregister.com/2025/11/28/brsk_breach/
TPRM report: https://www.rankiteo.com/company/marhaba-telecommunication-systems-limited
"id": "mar1764353979",
"linkid": "marhaba-telecommunication-systems-limited",
"type": "Breach",
"date": "2025-11-21T00:00:00.000Z",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'incident': {'affected_entities': [{'customers_affected': '230,105',
'industry': 'telecommunications',
'location': 'United Kingdom',
'name': 'Brsk',
'size': None,
'type': 'telecommunications provider'}],
'customer_advisories': 'Affected customers notified and offered '
'12 months of free fraud protection '
'services via Experian.',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'yes (advertised for sale '
'on cybercrime forum)',
'file_types_exposed': None,
'number_of_records_exposed': '230,105',
'personally_identifiable_information': 'yes',
'sensitivity_of_data': 'high (includes PII and '
'vulnerability '
'indicators)',
'type_of_data_compromised': ['personally '
'identifiable '
'information (PII)',
'customer contact '
'information',
'installation '
'details',
'location data',
'vulnerability '
'indicators']},
'description': 'British telco Brsk is investigating claims of a '
'cyberattack where over 230,000 customer records '
'were stolen. The compromised data includes full '
'names, email and home addresses, installation '
'details, location data, phone numbers, and '
'indicators of vulnerability. The data was '
'advertised for sale on a cybercrime forum, with '
'bidding conducted via Telegram. Brsk confirmed '
'the breach but stated no financial information, '
'passwords, or login credentials were exposed. '
'Affected customers are being offered 12 months '
'of free fraud protection services via Experian.',
'impact': {'brand_reputation_impact': 'potential reputational '
'damage due to exposure of '
'sensitive customer data',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': ['full names',
'email addresses',
'home addresses',
'installation details',
'location data',
'phone numbers',
'vulnerability indicators'],
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'high (due to exposure of PII)',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': 'none (confirmed by Brsk)',
'revenue_loss': None,
'systems_affected': ['customer database system']},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': 'yes '
'(advertised '
'on '
'cybercrime '
'forum with '
'bidding via '
'Telegram)',
'entry_point': None,
'high_value_targets': ['customer '
'database'],
'reconnaissance_period': None},
'investigation_status': 'ongoing',
'motivation': ['financial gain', 'data theft'],
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'The Register',
'url': None},
{'date_accessed': None,
'source': 'ISP Review',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': ['statement to ISP Review',
'notification to '
'affected customers'],
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': 'yes '
'(investigation '
'ongoing)',
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': ['offering 12 months of free '
'personal, financial, and '
'web-monitoring services to '
'affected customers'],
'remediation_measures': None,
'third_party_assistance': ['Experian (fraud '
'protection services)']},
'title': 'Brsk Customer Database Breach',
'type': ['data breach', 'unauthorized access']}}