- Crimson Collective claims to have stolen PII on 1M+ Brightspeed customers, including names, emails, phone numbers, and partial payment data
- Brightspeed has not confirmed the breach, saying it is investigating reports of a cybersecurity event
- The company, headquartered in Charlotte, NC, operates fiber broadband across 20 states and serves millions of premises
One of the biggest fiber broadband companies in the United States, Brightspeed, is said to be investigating a potential breach and data theft affecting more than a million customers.
Last weekend, a hacking group calling itself the Crimson Collective posted a new message on its Telegram channel, notifying their followers about the attack:
“If anyone has someone working at BrightSpeed, tell them to read their mails fast! We have in our hands over 1m+ residential user PII’s,” the group was cited saying. It also added that it will release samples on Monday night, “letting them some time first to answer to us.”
According to Crimson Collective, that personally identifiable information (PII) they stole includes people’s names, email addresses, phone numbers, postal addresses, user account information linked to session/user IDs, payment history, partial payment card information, and appointment/order records.
Brightspeed is yet to confirm or deny these claims. The company’s website and social channels have no mention of a breach, and the company told the media that it’s currently looking into it:
“We take the security of our networks and protection of our customers’ and employees’ information seriously and are rigorous in securing our networks and monitoring threats. We are currently investigating reports of a cybersecurity event,” Brightspeed told BleepingComputer. “As we learn more, we will keep our customers, employees and authorities informed.”
Brightspeed is a US telecommunications and broadband provider headquartered in Charlotte, North Carolina. It was formed in 2022 after Apollo Global Management acquired local exchange assets from Lumen Technologies. The company builds and operates high-speed fiber broadband and traditional internet and voice services across 20 states in the Midwest, Southeast, and Mid-Atlantic regions.
According to Crimson Collective, that personally identifiable information (PII) they stole includes people’s names, email addresses, phone numbers, postal addresses, user account information linked to session/user IDs, payment history, partial payment card information, and appointment/order records.
Brightspeed is yet to confirm or deny these claims. The company’s website and social channels have no mention of a breach, and the company told the media that it’s currently looking into it:
“We take the security of our networks and protection of our customers’ and employees’ information seriously and are rigorous in securing our networks and monitoring threats. We are currently investigating reports of a cybersecurity event,” Brightspeed told BleepingComputer. “As we learn more, we will keep our customers, employees and authorities informed.”
Brightspeed is a US telecommunications and broadband provider headquartered in Charlotte, North Carolina. It was formed in 2022 after Apollo Global Management acquired local exchange assets from Lumen Technologies. The company builds and operates high-speed fiber broadband and traditional internet and voice services across 20 states in the Midwest, Southeast, and Mid-Atlantic regions.
