Brightspeed investigates breach as crims post stolen data for sale
Summary
Internet service provider Brightspeed is investigating claims from a cybercrime group called Crimson Collective that it has stolen more than one million residential customer records and listed them for sale for three bitcoin (about $276,370). The attackers published sample files on Telegram and say the dataset includes customer/account master records, names, emails, phone numbers, billing and service addresses, session and user IDs, payment history and methods (including last four digits of cards), order records and other account data.
Brightspeed confirmed it is probing a cybersecurity event but declined to provide specifics while saying it takes network and customer security seriously. Crimson Collective described the incident as a “sophisticated attack” and initially claimed it could disconnect every user from service; the group later clarified it meant ISP coverage. The criminals also say they contacted Brightspeed prior to disclosure and will dump the data publicly in a week if it is not sold.
Key Points
- Crimson Collective claims possession of more than 1,000,000 Brightspeed customer records and has posted samples on Telegram.
- Alleged contents include names, contact and billing addresses, session/user IDs, payment history and last four digits of payment cards.
- The attackers have priced the dataset at three bitcoin and threaten to publish it publicly if it remains unsold.
- Brightspeed has confirmed an investigation but provided limited detail, stressing ongoing security and monitoring efforts.
- Crimson Collective has previously claimed breaches of other organisations, which increases the risk profile despite unverified claims.
Why should I read this?
Short version: if you or your customers use Brightspeed, this could matter — expect more phishing, fraud attempts and potential account disruption. If you don’t use Brightspeed, it’s still worth a skim: new extortion crews are active, and the tactics (data dumps, auctions, service-disruption claims) are the same playbook you’ll see elsewhere. Read the full piece so you know what to look out for and whether to reset credentials, monitor cards or warn contacts.