U.S. telecom Brightspeed faces multiple lawsuits over January data breach

U.S. telecommunications company Brightspeed is facing multiple class action lawsuits for failing to protect customers’ personal information during a data security incident that impacted over 1 million customers.

 

The telecommunications and broadband services company, which provides services to more than 7 million customers across twenty states in the U.S., told the Charlotte Observer in January that it was investigating reports of a data security incident not long after a hacker group claimed a major theft of customer data. 
  
"We take the security of our networks and the protection of our customers’ and employees’ information seriously, and are rigorous in securing our networks and monitoring threats," Brightspeed said. "We are currently investigating reports of a cybersecurity event. As we learn more, we will keep our customers, employees, and authorities informed."

 

The statement followed a cyber criminal group, calling itself the Crimson Collective, announcing on its Telegram channel that it hacked into the telecom company’s network and stolen the personally identifiable information of more than one million customers.

 

According to the group, the compromised data included Brightspeed subscribers’ names, email addresses, phone numbers, billing and service addresses, account status, latitude and longitude coordinates, account numbers and masked payment card numbers.

 

The stolen data also included billuing and account information, including invoice numbers, payment histories, payment dates and amounts, communication preferences, maximum bandwidth, and appointment details. Crimson Collective released a sample of the stolen data on its Telegram channel on January 5.

 

A couple of days later, the hacker group added that it had disconnected a lot of users’ home internet, possibly in an attempt to make the company establish contact and negotiate a ransom payment in exchange for the stolen data. 
 
On Friday, Top Class Actions reported that four Brightspeed customers had filed parallel class action lawsuits against the company, alleging that the company failed to properly secure and safeguard customer data during the data security incident in January.

 

The class action lawsuits, filed in federal courts in North Carolina, Ohio, Virginia and Texas, said the data breach in January placed over one million Brightspeed customers at heightened risk of internet fraud, identity theft, invasion of privacy and other criminal activities.

 

One of the suits alleged that Brightspeed failed "to take available steps to prevent unauthorized disclosure of data and failing to follow applicable, required and appropriate protocols, policies, and procedures regarding the encryption of data, even for internal use."

 

The class action lawsuits have urged the federal courts to direct Brightspeed to improve data security measures, pay monetary damages to the affected customers, cover their attorneys’ fees and provide complementary credit monitoring services to help secure their data from risks of fraud.