Fiber broadband giant investigates breach affecting 1M users

Brightspeed, one of the largest fiber broadband providers in the United States, is investigating claims that hackers stole sensitive data tied to more than one million customers.

The allegations surfaced when a group calling itself the Crimson Collective posted messages on Telegram warning Brightspeed employees to check their email. The group claims it has access to over one million residential customer records and threatened to release sample data if the company does not respond.

At this point, Brightspeed has not confirmed a breach. However, the company says it is actively investigating what it calls a potential cybersecurity event.

What the hackers say they stole

According to Crimson Collective, the stolen data includes a wide range of personally identifiable information. The group claims it has access to:

• Customer names, email addresses and phone numbers
• Home and billing addresses
• User account details linked to session or user IDs
• Payment history and partial payment card information
• Appointment and order records tied to customer accounts

If accurate, that combination of data could create serious identity theft and fraud risks for affected customers.

Brightspeed responds to the allegations

Brightspeed says it takes the situation seriously, even as it continues to verify the claims.

In a statement shared with BleepingComputer, the company said it is rigorously monitoring threats and working to understand what happened. Brightspeed added that it will keep customers, employees and authorities informed as more details become available.

So far, there has been no public notice on Brightspeed’s website or social media channels confirming customer data exposure.

Who Brightspeed is and why this matters

Brightspeed is a U.S. telecommunications and internet service provider founded in 2022 after Apollo Global Management acquired local exchange assets from Lumen Technologies.

Headquartered in Charlotte, North Carolina, the company serves rural and suburban communities across 20 states. It has rapidly expanded its fiber footprint, passing more than two million homes and businesses and aiming to reach over five million locations.

Because Brightspeed focuses on underserved areas, many customers rely on it as their primary internet provider. That makes any potential breach especially concerning.

A closer look at Crimson Collective

Crimson Collective is not new to high-profile targets. In October, the group breached a GitLab instance tied to Red Hat, stealing hundreds of gigabytes of internal development data.

That incident later rippled outward. In December, Nissan confirmed that personal data for about 21,000 Japanese customers was exposed through the same breach.

More recently, researchers say Crimson Collective has targeted cloud environments, including Amazon Web Services, by abusing exposed credentials and creating rogue access accounts to escalate privileges.

In other words, the group has a track record that makes its claims hard to ignore.

What this could mean for customers

Even though Brightspeed has not confirmed a breach, the claims alone are enough to raise red flags. If customer data was accessed, it could be used for phishing scams, account takeovers or payment fraud.

Cybercriminals often move fast after breaches. That means customers should stay alert even before an official notice appears.

CyberGuy reached out to Brightspeed for comment, and a spokesperson told us,

“We take the security of our networks and protection of our customers’ and employees’ information seriously and are rigorous in securing our networks and monitoring threats. We are currently investigating reports of a cybersecurity event. As we learn more, we will keep our customers, employees, stakeholders and authorities informed.”

How to protect your personal data and online accounts

Even if this Brightspeed investigation does not end up impacting your account, these steps are worth following. Most data breaches lead to the same downstream risks, like phishing scams, account takeovers and identity theft. Building these habits now can help protect you across all your online accounts.

1) Watch for phishing attempts

Scammers often take advantage of breach headlines to create panic. Be cautious with emails, calls or texts that mention your internet account billing problems or service changes. If a message pushes urgency or pressure, pause before responding.

2) Avoid suspicious links and attachments

Do not click links or open attachments tied to account notices or payment issues. Instead, open a new browser window and go directly to the company’s official website or app. Strong antivirus software adds another layer of protection against malicious downloads.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

3) Update your account passwords

Change your Brightspeed account password and review passwords on other important accounts. Use strong, unique passwords that you do not reuse elsewhere. A trusted password manager can generate and store complex passwords, which makes account takeovers much harder.

Next, see if your email has been exposed in past breaches. Our #1 pick, NordPass, includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

4) Reduce your data footprint

Personal data spreads quietly across data broker sites. Using a data removal service can help limit how much of your information is publicly available. Less exposed data means fewer opportunities for scammers to target you.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Is your personal information exposed online?

Run a free scan to see if your personal info is compromised. Results arrive by email in about an hour.

5) Turn on account alerts

Brightspeed lets customers turn on account and billing alerts through the My Brightspeed site or app. You can choose which notifications you receive by email or text. Alerts can help you catch unusual activity early and respond before more damage occurs.

6) Monitor your financial accounts closely

Check bank and credit card statements often. Look for small or unfamiliar charges since criminals sometimes test stolen data with low-dollar transactions before attempting larger fraud.

7) Consider fraud alerts or a credit freeze

If sensitive information may have been exposed, placing a fraud alert or credit freeze can add protection. These steps make it harder for criminals to open new accounts in your name.

You may also want to consider an identity theft protection service that monitors for suspicious activity and sends alerts.  Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

Related Links: 

• Why January is the best time to remove personal data online
• Make 2026 your most private year yet by removing broker data
• Surprising places your personal data is exposed and how to remove it

Kurt’s key takeaways

Brightspeed’s investigation is still unfolding, and the company says it will share updates as it learns more. Until then, the claims highlight how valuable customer data has become and how aggressively extortion groups are targeting infrastructure providers. For customers, caution is the best defense. For companies, transparency and speed will matter if these claims turn out to be real.

Do you feel companies are doing enough to keep your personal data safe? Let us know your thoughts in the comments below. 

FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

Copyright 2026 CyberGuy.com.  All rights reserved.  CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.