Brightspeed, one of many largest fiber broadband corporations in the US, is investigating safety breach and information theft claims made by the Crimson Collective extortion gang.
Based in 2022, the U.S. telecommunications and Web service supplier (ISP) serves rural and suburban communities throughout 20 states.
“We take the safety of our networks and safety of our prospects’ and staff’ data severely and are rigorous in securing our networks and monitoring threats. We’re at present investigating experiences of a cybersecurity occasion,” Brightspeed informed BleepingComputer. “As we study extra, we’ll maintain our prospects, staff and authorities knowledgeable.”
The assertion after Crimson Collective mentioned in a Sunday replace on their Telegram channel that that they had stolen delicate data belonging to over 1 million Brightspeed prospects.
The risk actors declare the stolen information comprises buyer/account particulars with personally identifiable data (PII), deal with data, person account data linked to session/person IDs (together with names, emails, and cellphone numbers), cost historical past, some cost card data, and appointment/order information containing buyer PII.
“If anybody has somebody working at BrightSpeed, inform them to learn their mails quick! We’ve got in our palms over 1m+ residential person PII’s,” they mentioned, including that “pattern shall be dropped on monday evening time, letting them a while first to reply to us.”
In October, the hacking group additionally breached considered one of Pink Hat’s GitLab situations, stealing roughly 570GB of knowledge throughout 28,000 inner growth repositories, an incident that impacted the enterprise software program big’s consulting division.
After the incident, Crimson Collective partnered with the Scattered Lapsus$ Hunters hacker collective and used their ShinyHunters information leak website as a part of their makes an attempt to extort Pink Hat.
In December, Nissan confirmed that the non-public data of roughly 21,000 Japanese prospects (together with names, bodily addresses, cellphone numbers, and e mail addresses) was compromised within the Pink Hat information breach.
Since then, Crimson Collective has additionally focused AWS (Amazon Internet Companies) cloud environments to steal information and extort corporations, utilizing uncovered AWS credentials and creating rogue id and entry administration (IAM) accounts to escalate privileges.
It is funds season! Over 300 CISOs and safety leaders have shared how they’re planning, spending, and prioritizing for the 12 months forward. This report compiles their insights, permitting readers to benchmark methods, establish rising traits, and evaluate their priorities as they head into 2026.
Find out how high leaders are turning funding into measurable influence.
