Crimson Collective, an emerging extortion group, claims to have breached U.S. fiber broadband provider Brightspeed, stealing data on over 1 million residential customers and disconnecting many from home internet service.<\/p>\n
The group posted screenshots on Telegram detailing the alleged compromise and urging Brightspeed employees<\/a> to \u201cread their mails fast.\u201d\u200b<\/p>\n On January 4, 2026, Crimson Collective announced possession of extensive customer datasets from Brightspeed, a major ISP serving rural and suburban areas across 20 states.<\/p>\n The post listed compromised records, including customer master files with full PII such as names, emails, phone numbers, billing\/service addresses, account status, and network details like fiber\/copper\/4G types, bandwidth limits, and geolocation coordinates.<\/p>\n Additional data encompasses payment histories (IDs, amounts, masked card numbers with last four digits, expiry dates, BINs, holder info), appointment records with technician dispatch details, marketing profiles, and suspension reasons.\u200b<\/p>\n The actors released data samples on January 5 as threatened, and claimed a \u201csophisticated attack\u201d enabling user disconnections from ISP service, which was later clarified as home internet, not mobile.<\/p>\n They are offering the full dataset for three Bitcoin (about $276,370), with plans to leak it online within a week if unsold.\u200b<\/p>\n Brightspeed confirmed it is \u201cinvestigating reports of a cybersecurity event\u201d and takes network security seriously, promising updates to customers, staff, and authorities.<\/p>\n Spokesperson Gene Rodriguez Miller emphasized rigorous threat monitoring but declined to provide specifics on the claims. No evidence of service outages has been widely reported, though the group alleges proactive disruptions.\u200b<\/p>\n Crimson Collective gained notoriety in 2025 for breaching Red Hat\u2019s GitLab repositories<\/a>, exfiltrating 570GB of data that later impacted 21,000 Nissan customers\u2019 PII.<\/p>\n They collaborated with Scattered Lapsus$ Hunters<\/a> (ShinyHunters-linked) for extortion and have targeted AWS environments via credential abuse. The group has not disclosed intrusion methods for Brightspeed but hinted at ignored pre-disclosure emails.\u200b<\/p>\n Affected customers face risks of phishing, identity theft, and targeted attacks from exposed PII and partial payment data, though full cards or passwords were not claimed stolen.<\/p>\n Cybersecurity experts urge monitoring accounts and enabling MFA, as the incident highlights vulnerabilities in telecom infrastructure. Federal probes may follow, given Brightspeed\u2019s critical role. As of January 7, no full breach confirmation exists, but samples appear authentic per the researcher\u2019s cross-checks.\u200b<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Crimson Collective Claims to have Disconnected Many Brightspeed Home Internet Users<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjVr5NkPdkmu9ok3Saj0CiPPdsvgdU9SPrqio0pAh3eSstKQItVVni1ajeTv2iHMkC0RgG8zLcifmGFJlxRT1pWMM_UBAiwhfS2eVze5FxchJvSnvVL2uYcqU6ovB8zs4mYFrBxIIZK-LNOFBabmBzoHMHEc65VQBugUTwtrViIFiWTVfSEIx-jfbcMnWmC\/w640-h558\/Bright2.webp?ssl=1\")
<\/figure>\n<\/div>\n![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjzqZVAwyOs5igcabb5q_6Fx8A9K2mtWbxn4Wt2TndFa527c9SwHQbKFaOQXLwaHFOtUvhmbbUEOFQCjgBo5qRXnoIoZgmuYBfnaXFMcG1UKli3xZi4e24Xj2zAB-ZS0uzz7TY-95ekPEs7GiGKsSa38xoYX5Ybw4JdjNTDgOeEoJyHgD_hjPi9mjLVay7e\/s16000\/bright1.webp?ssl=1\")
<\/figure>\n<\/div>\nBrightspeed\u2019s Response<\/strong><\/h2>\n