Brightspeed Probes Data Breach Claims

Summary
– Brightspeed, a major U.S. fiber broadband provider, is investigating a potential security breach and data theft claimed by the Crimson Collective extortion gang.
– The threat actors allege they have stolen sensitive data from over 1 million customers, including personal information, payment history, and account details.
– Crimson Collective previously breached Red Hat’s systems in October, stealing a large volume of internal data that later impacted Nissan customers.
– The gang has also targeted AWS cloud environments by exploiting credentials and creating unauthorized accounts to escalate access and extort companies.
– Brightspeed states it is rigorously investigating the reports and will inform customers, employees, and authorities as it learns more.

A major American fiber broadband provider is currently investigating serious allegations of a data breach following claims from a known cybercriminal group. Brightspeed, a telecommunications firm serving numerous rural and suburban areas, has confirmed it is looking into reports of a cybersecurity incident. The company emphasizes its commitment to network security and customer data protection, stating it will provide updates to customers, employees, and authorities as the investigation progresses.
The situation escalated when the Crimson Collective extortion gang announced on its Telegram channel that it had successfully stolen sensitive information. The group alleges the compromised data set includes details for more than one million residential customers. According to their statements, the stolen information encompasses a wide range of personal and financial records.
The threat actors claim the stolen data contains extensive personally identifiable information (PII), including customer account details, addresses, and user session IDs linked to names, emails, and phone numbers. Furthermore, they assert the haul includes payment history, some payment card information, and appointment records that also contain customer PII. In a taunting message, the collective warned Brightspeed employees to check their emails quickly, noting a sample of the data would be released publicly if the company did not respond.
This is not the first high-profile incident linked to Crimson Collective. Last October, the group breached a GitLab instance belonging to Red Hat, making off with approximately 570GB of data from internal development repositories. That breach ultimately impacted Red Hat’s consulting division and led to a partnership between Crimson Collective and another hacker group, Scattered Lapsus$ Hunters. They utilized the well-known ShinyHunters data leak site in their extortion attempts against the software giant.
The fallout from the Red Hat breach was significant, with Nissan later confirming in December that personal information for about 21,000 of its customers in Japan was compromised as a result. The data exposed in that incident included names, physical addresses, phone numbers, and email addresses. Following these activities, Crimson Collective has shifted some focus to targeting cloud environments.
The group has been actively exploiting exposed AWS credentials to infiltrate Amazon Web Services cloud accounts. Their method involves creating unauthorized Identity and Access Management (IAM) accounts to escalate privileges within a victim’s environment, allowing them to steal data and subsequently extort the targeted companies. This pattern of behavior highlights the evolving tactics of cyber extortion groups targeting large enterprises and critical service providers. Brightspeed’s investigation is ongoing as it works to verify the claims and assess the potential impact on its customer base.
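As an added illustration (not part of the original article or of any vendor's tooling), the Python below shows how a defender could flag the pattern described above in CloudTrail management events: a caller creates an IAM user and then promptly gives it credentials or policies. The event names are real IAM API actions; the 30-minute window, account ID, user names, key IDs and sample records are constructed assumptions.

```python
from datetime import datetime, timedelta

# IAM calls that hand a freshly created user credentials or permissions.
FOLLOW_UPS = {"CreateAccessKey", "CreateLoginProfile", "AttachUserPolicy", "PutUserPolicy"}
WINDOW = timedelta(minutes=30)  # assumed correlation window, tune per environment

def _when(rec):
    return datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def find_suspicious_user_creation(records):
    """Findings for new IAM users their creator also credentialed or privileged within WINDOW."""
    created = {}  # (caller ARN, new user name) -> finding
    for rec in sorted(records, key=_when):
        if rec.get("eventSource") != "iam.amazonaws.com" or rec.get("errorCode"):
            continue  # skip non-IAM events and failed calls
        ident = rec.get("userIdentity") or {}
        params = rec.get("requestParameters") or {}
        key = (ident.get("arn", "unknown"), params.get("userName"))
        name = rec.get("eventName")
        if name == "CreateUser" and key[1]:
            created[key] = {
                "caller": key[0], "new_user": key[1], "created_at": _when(rec),
                # AKIA prefix marks a long-term access key, the kind that gets exposed
                "long_term_key": (ident.get("accessKeyId") or "").startswith("AKIA"),
                "source_ip": rec.get("sourceIPAddress"), "follow_ups": []}
        elif name in FOLLOW_UPS and key in created:
            if _when(rec) - created[key]["created_at"] <= WINDOW:
                arn = params.get("policyArn")
                created[key]["follow_ups"].append(f"{name}:{arn}" if arn else name)
    return [f for f in created.values() if f["follow_ups"]]

def _ev(t, name, arn, key_id, user, error=None, **extra):  # constructed sample record
    return {"eventTime": t, "eventSource": "iam.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": arn, "accessKeyId": key_id}, "errorCode": error,
            "sourceIPAddress": "203.0.113.10", "requestParameters": {"userName": user, **extra}}

CI = ("arn:aws:iam::111122223333:user/ci-deploy", "AKIAEXAMPLE000000001")
ADMIN = ("arn:aws:sts::111122223333:assumed-role/Admin/alice", "ASIAEXAMPLE000000002")
SAMPLE = [  # constructed events, not taken from any real incident
    _ev("2025-01-01T10:00:00Z", "CreateUser", *CI, "svc-backup2"),
    _ev("2025-01-01T10:01:00Z", "CreateAccessKey", *CI, "svc-backup2"),
    _ev("2025-01-01T10:02:00Z", "AttachUserPolicy", *CI, "svc-backup2",
        policyArn="arn:aws:iam::aws:policy/AdministratorAccess"),
    _ev("2025-01-01T11:00:00Z", "CreateUser", *ADMIN, "new-hire"),
    _ev("2025-01-01T14:00:00Z", "CreateAccessKey", *ADMIN, "new-hire"),  # outside window
    _ev("2025-01-01T15:00:00Z", "CreateUser", *CI, "denied", error="AccessDenied"),
]

if __name__ == "__main__":
    print(*find_suspicious_user_creation(SAMPLE), sep="\n")
```

Only the first sequence is reported: the role-based creation has its follow-up outside the window, and the denied call never created a user.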
(Source: Bleeping Computer)





