Fiber broadband giant investigates breach affecting 1 million users

Brightspeed, one of the largest fiber broadband providers in the United States, is investigating allegations that hackers stole sensitive data linked to more than 1 million customers.

The allegations arose when a group calling itself Crimson Collective posted messages on Telegram warning Brightspeed employees to check their email. The group claims it has access to more than 1 million residential customer records and threatened to release sample data if the company does not respond.

So far, Brightspeed has not confirmed any violations. However, the company says it is actively investigating what it calls a possible cybersecurity event.

DATA BREACH EXPOSES THE INFORMATION OF 400,000 BANK CUSTOMERS

Sign up to receive my FREE CyberGuy reportGet my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM fact sheet

What hackers say they stole

According to Crimson Collective, the stolen data includes a wide range of personally identifiable information. The group claims it has access to:

• Customer names, email addresses and phone numbers.
• Home and billing addresses
• User account details linked to session or user ID
• Payment history and partial payment card information
• Appointment and order records linked to customer accounts

If accurate, that combination of data could create serious identity theft and fraud risks for affected customers.

Brightspeed responds to accusations

Brightspeed says it takes the situation seriously, even as it continues to verify the claims.

In a statement shared with BleepingComputer, the company said it is rigorously monitoring the threats and working to understand what happened. Brightspeed added that it will keep customers, employees and authorities informed as more details become available.

So far, there has been no public notice on Brightspeed’s website or social media channels confirming the exposure of customer data.

Who is Brightspeed and why is it important?

Brightspeed is a US telecommunications and internet service provider founded in 2022 after Apollo Global Management acquired local exchange assets from Lumen Technologies.

Headquartered in Charlotte, North Carolina, the company serves rural and suburban communities in 20 states. It has rapidly expanded its fiber presence, passing through more than 2 million homes and businesses and aiming to reach more than 5 million locations.

Because Brightspeed focuses on underserved areas, many customers rely on it as their primary Internet provider. That makes any potential breach especially concerning.

A Closer Look at Crimson Collective

Crimson Collective is no stranger to high-profile targets. In October, the group breached a GitLab instance linked to Red Hat and stole hundreds of gigabytes of internal development data.

That incident later spread. In December, Nissan confirmed that the personal data of about 21,000 Japanese customers was exposed through the same breach.

More recently, researchers say Crimson Collective has targeted cloud environments, including Amazon Web Services, by abusing exposed credentials and creating fraudulent access accounts to escalate privileges.

In other words, the group has a track record that makes its claims difficult to ignore.

What this could mean for customers

Although Brightspeed has not confirmed a breach, the claims alone are enough to raise red flags. If customer data were accessed, it could be used for phishing scams, account takeover, or payment fraud.

Cybercriminals often act quickly after breaches. That means customers should remain alert even before an official notice appears.

CyberGuy contacted Brightspeed for comment and a spokesperson told us:

“We take the security of our networks and the protection of our customers’ and employees’ information seriously and are rigorous in securing our networks and monitoring for threats. We are currently investigating reports of a cybersecurity event. As we learn more, we will keep our customers, employees, stakeholders and authorities informed.”

SCAMS INCREASE IN JANUARY: WHY FRAUD SPREADS AT THE BEGINNING OF THE YEAR

How to protect your personal data and online accounts

Even if this Brightspeed investigation doesn’t end up affecting your account, it’s worth taking these steps. Most data breaches carry the same downstream risks, such as phishing scams, account takeovers, and identity theft. Developing these habits now can help you protect yourself on all of your online accounts.

1) Be alert for phishing attempts

Scammers often take advantage of breach headlines to create panic. Be wary of emails, calls, or text messages that mention billing issues with your Internet account or changes to service. If a message creates urgency or pressure, pause before responding.

2) Avoid suspicious links and attachments

Do not click on links or open attachments linked to account notices or payment problems. Instead, open a new browser window and go directly to the company’s official website or app. Powerful antivirus software adds another layer of protection against malicious downloads.

The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2026 for your Windows, Mac, Android, and iOS devices at Cyberguy.com

3) Update your account passwords

Change the password for your Brightspeed account and review the passwords for other important accounts. Use strong, unique passwords that you don’t reuse anywhere else. A reliable password manager can generate and store complex passwords, making account takeover very difficult.

Next, check to see if your email has been exposed in previous breaches. Our #1 password manager pick (see Cyberguy.com/Passwords) includes a built-in breach scanner that checks to see if your email address or passwords have appeared in known breaches. If you discover a match, immediately change any reused passwords and protect those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com

4) Reduce your data footprint

Personal data is silently spread between data broker sites. Using a data deletion service can help limit the amount of your information that is publicly available. Less exposed data means fewer opportunities for scammers to target you.

While no service can guarantee complete removal of your data from the Internet, a data deletion service is truly a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to delete your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing leak data with information they can find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already available on the web by visiting Cyberguy.com

Get a free scan to find out if your personal information is already available on the web: Cyberguy.com

5) Activate account alerts

Brightspeed allows customers to activate account and billing alerts through the My Brightspeed site or app. You can choose which notifications to receive via email or text message. Alerts can help you detect unusual activity early and respond before further damage occurs.

6) Keep a close eye on your financial accounts

Check your bank and credit card statements frequently. Look for small or unknown charges, as criminals sometimes test stolen data with low-cost transactions before attempting a larger fraud.

7) Consider fraud alerts or credit freezes

If sensitive information may have been exposed, placing a fraud alert or freezing credit can add protection. These steps make it difficult for criminals to open new accounts in your name. For more information on how to do this, go to Cyberguy.com and search “How to freeze your credit.”

You may also want to consider an identity theft protection service that monitors suspicious activity and sends alerts. Identity theft companies can monitor personal information such as your Social Security number (SSN), phone number, and email address, and alert you if it is sold on the dark web or used to open an account. They can also help you freeze your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best options on how to protect yourself from identity theft at Cyberguy.com

Kurt’s Key Takeaways

Brightspeed’s research is still in development and the company says it will share updates as it learns more. Until then, the claims highlight how valuable customer data has become and how aggressively extortion groups are targeting infrastructure providers. For customers, caution is the best defense. For companies, transparency and speed will be important if these claims turn out to be real.

Do you think companies are doing enough to keep your personal data safe? Let us know by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE News APP

Sign up to receive my FREE CyberGuy report Receive my best Get tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM fact sheet

Copyright 2026 CyberGuy.com. All rights reserved.