Brightspeed probes alleged cyberattack after hackers claim data theft affecting 1 million customers

Brightspeed, a U.S. fiber broadband provider serving rural and suburban communities across 20 states, is investigating claims that its systems were breached after a hacking group asserted it had stolen personal data belonging to more than 1 million customers.

The investigation follows public claims by Crimson Collective, which said it exfiltrated sensitive customer information from Brightspeed’s systems. The group alleged the stolen data includes names, billing and physical addresses, email addresses, phone numbers, account status details, service records, payment histories, and some payment-related information.

Brightspeed confirmed that it is reviewing the situation after reports of a cybersecurity incident. The company said it is actively investigating the claims and will keep customers, employees, and authorities informed as more information becomes available. Brightspeed added that it takes the security of its networks and the protection of customer and employee information seriously and maintains rigorous monitoring and safeguards against cyber threats.

Founded in 2022, Brightspeed operates one of the largest fiber broadband networks in the United States and serves more than 1 million residential and business customers.

Crimson Collective said it provided proof of possession of the alleged data to cybersecurity professionals who track activity on underground forums. The group also warned that it could release a sample of the stolen information if its demands are not addressed, though Brightspeed has not confirmed whether any data has been accessed or exfiltrated.

The hacking group is known for prior high-profile extortion attempts. Last year, Crimson Collective targeted Red Hat after breaching one of its GitLab instances and claiming the theft of approximately 570 gigabytes of data from about 28,000 internal development repositories tied to the company’s consulting division.

The Red Hat incident later had downstream effects. In December 2025, Nissan disclosed that personal information belonging to roughly 21,000 customers in Japan was compromised as a result of the breach, including names, addresses, phone numbers, and email addresses.

Crimson Collective has also been linked to attacks involving cloud environments, including efforts to exploit exposed credentials and create unauthorized identity and access management accounts in order to escalate privileges and steal data from platforms such as Amazon Web Services.

Brightspeed said the investigation remains ongoing and that it would be inappropriate to speculate while technical analysis continues. No evidence has yet been publicly confirmed regarding the scope of any potential data exposure or the authenticity of the hackers’ claims.