Brightspeed probes cybersecurity incident after hackers claim access to data of 1 million customers

Brightspeed, a U.S. fiber broadband provider serving rural and suburban communities, is investigating a potential cybersecurity incident after a hacking group claimed to have stolen sensitive information linked to more than 1 million residential customers. The company said it has not confirmed a data breach and is actively working to verify the claims.

The allegations emerged after a group identifying itself as the Crimson Collective posted messages on Telegram urging Brightspeed employees to check their email. The group asserted it possesses records tied to more than 1 million customers and threatened to release sample data if the company does not respond.

Brightspeed said it is taking the situation seriously while assessing whether unauthorized access occurred. The company described the matter as a potential cybersecurity event and said it is monitoring threats as it works to understand what happened. It added that customers, employees, stakeholders and authorities will be kept informed as details become available.

The Crimson Collective claims the data it accessed includes customer names, email addresses and phone numbers; home and billing addresses; user account details associated with session or user IDs; payment history and partial payment card information; and appointment and order records tied to customer accounts. If verified, such information could pose risks of identity theft and financial fraud.

As of now, Brightspeed has not posted a public notice on its website or social media channels confirming any customer data exposure.

Founded in 2022, Brightspeed was created after Apollo Global Management acquired local exchange assets from Lumen Technologies. Headquartered in Charlotte, North Carolina, the company operates across 20 states and has rapidly expanded its fiber network, passing more than 2 million homes and businesses with a stated goal of reaching over 5 million locations. Many of its customers rely on the service as their primary internet connection, particularly in underserved areas.

The Crimson Collective has previously been linked to high-profile intrusions. In October, the group breached a GitLab instance connected to Red Hat, resulting in the theft of hundreds of gigabytes of internal development data. That incident later led to the exposure of personal data for approximately 21,000 Japanese customers of Nissan. The group has also been associated with attacks on cloud environments, including Amazon Web Services, where exposed credentials were used to create unauthorized access accounts and escalate privileges.