Brightspeed Customers Disconnected in Alleged Hack

Summary
– A US ISP named Brightspeed is investigating a security breach where hackers claim to have stolen data on over a million customers and disrupted their internet service.
– The hacking group Crimson Collective posted a sample of the stolen data, which includes extensive personal, billing, and payment information.
– The group’s claims, including that they disconnected users’ internet, have not been confirmed, and the method of the breach is currently unknown.
– Crimson Collective previously claimed responsibility for a major attack on Red Hat’s repositories, stealing hundreds of gigabytes of data.
– A cybersecurity expert warns that breaches at ISPs have wide societal impacts due to their critical role, and stolen data is often reused or resold over time.

A major American internet service provider is currently investigating a serious security incident after a hacking group claimed to have compromised the data of over a million customers and intentionally disrupted their internet service. Brightspeed, which provides fiber internet, digital voice, and business services across twenty states, has not yet confirmed the validity of these claims. The alleged breach underscores the significant risks facing infrastructure providers and the sensitive personal information they manage.
The hacking entity, identifying itself as Crimson Collective, first announced the breach on Telegram on January 4th. The group stated it had obtained a substantial cache of personally identifiable information. It followed this announcement by posting a sample of the data the next day. Then, on January 6th, the group taunted the company directly, writing, “Hey Brightspeed, we disconnected a lot of your users’ home internet … they might be complaining you should check.” The method by which the attackers purportedly gained access to Brightspeed’s systems remains unknown.
According to the hackers, the stolen data is extensive. The compromised information allegedly includes comprehensive account master records with customer names, email and physical addresses, phone numbers, and account status details. The data set also reportedly contains precise location coordinates linked to service addresses, along with specific service type information. A significant portion of the leak involves financial data, with the group claiming to have accessed payment histories, invoice numbers, and the last four digits of credit card numbers. Even more concerning, the hackers say they obtained full payment method details, including masked card numbers, expiration dates, and cardholder names and addresses.
This incident is not Crimson Collective’s first notable cyber intrusion. The group previously claimed responsibility for a major attack in September, targeting Red Hat’s private GitLab repositories. That breach reportedly resulted in the theft of nearly 570 gigabytes of data spanning thousands of internal projects. The stolen information included hundreds of sensitive Customer Engagement Reports, which detail client networks and platforms. The fallout from that attack continued last month when it was revealed that one affected corporate customer was Nissan Fukuoka Sales.
Cybersecurity experts emphasize that breaches at internet service providers carry uniquely severe consequences. Jacob Krell, a senior director of secure AI solutions and cybersecurity at Suzu Labs, explained that these providers form the backbone of modern communication. Security failures at this level do not just cause technical problems; they can erode public trust, disrupt essential services, and even raise national security concerns. The disruption or manipulation of these critical networks affects the broader information environment that society depends upon.
The incident also highlights the professionalized nature of modern cybercrime. Data theft and extortion groups now operate with a high degree of specialization and clear financial goals. A single breach is rarely an isolated event. Stolen data frequently enters a shadow economy where it is repurposed, resold, and exploited long after the initial attack, prolonging the harm to affected individuals and organizations. For customers of any service provider, this serves as a stark reminder of the persistent digital threats that exist in today’s interconnected world.
(Source: InfoSecurity Magazine)
