Investigation into a potential security incident has been launched by British internet provider Brsk after threat actors claimed to have stolen 230,105 customer records from its systems, reports The Register . Despite not immediately confirming the cybercrime forum post brandishing the theft of customer details, including names, contact details, installation information, location data, phone numbers, and other notes, Brsk later confirmed to ISP Review that one of its customer databases was accessed without permission. The company said the breach involved only basic contact details and added that "no financial information, passwords, or account login credentials were affected." It also stated that there was "no evidence to suggest that any of the information has been misused." Brsk told customers that its main network and broadband services were not affected. The company is giving affected users 12 months of free financial, personal, and web-monitoring services provided by Experian and has notified the Information Commissioner's Office, police, and regulators.
Source: https://www.scworld.com/brief/brsk-investigates-security-incident-involving-stolen-customer-records
MARHABA TELECOMMUNICATION SYSTEMS LIMITED cybersecurity rating report: https://www.rankiteo.com/company/marhaba-telecommunication-systems-limited
"id": "MAR1764612950",
"linkid": "marhaba-telecommunication-systems-limited",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'incident': {'affected_entities': [{'customers_affected': '230,105',
'industry': 'Telecommunications',
'location': 'United Kingdom',
'name': 'Brsk',
'size': None,
'type': 'Internet Service Provider '
'(ISP)'}],
'customer_advisories': ['Notification of breach',
'Offer of free monitoring services'],
'data_breach': {'data_encryption': None,
'data_exfiltration': True,
'file_types_exposed': None,
'number_of_records_exposed': '230,105',
'personally_identifiable_information': True,
'sensitivity_of_data': 'Low (no financial or '
'login credentials)',
'type_of_data_compromised': ['basic contact '
'details',
'installation '
'information',
'location data',
'phone numbers',
'notes']},
'description': 'British internet provider Brsk launched an '
'investigation after threat actors claimed to '
'have stolen 230,105 customer records, including '
'names, contact details, installation '
'information, location data, phone numbers, and '
'other notes. Brsk confirmed unauthorized access '
'to a customer database containing basic contact '
'details but stated no financial information, '
'passwords, or account login credentials were '
'affected. The company reported no evidence of '
'misuse and assured that its main network and '
'broadband services remained unaffected. Affected '
'customers were offered 12 months of free '
'monitoring services via Experian. The '
"Information Commissioner's Office, police, and "
'regulators were notified.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': ['names',
'contact details',
'installation information',
'location data',
'phone numbers',
'other notes'],
'downtime': 'None (main network and broadband '
'services unaffected)',
'financial_loss': None,
'identity_theft_risk': 'Low (no financial or login '
'credentials exposed)',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': 'None (no financial '
'information compromised)',
'revenue_loss': None,
'systems_affected': ['customer database']},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'The Register',
'url': None},
{'date_accessed': None,
'source': 'ISP Review',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': ['Information '
"Commissioner's "
'Office '
'(ICO)',
'Police',
'Regulators']},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': ['Notification to '
'customers',
'Statement to ISP Review',
'Regulatory '
'notifications'],
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': ['Free 12-month financial, '
'personal, and '
'web-monitoring services '
'for affected customers'],
'third_party_assistance': ['Experian (monitoring '
'services)']},
'title': 'Brsk Customer Data Breach',
'type': 'Data Breach'}}