A US internet service provider (ISP) is scrambling to investigate a recent security breach in which threat actors claim to have obtained information on over one million customers and disrupted their connectivity.
Brightspeed offers high-speed fiber internet, digital voice and business services across 20 US states.
On January 4, a hacking group known as Crimson Collective posted to Telegram that it had a raft of personally identifiable information (PII) in its possession.
It posted a sample of the data a day later, before adding on January 6: “Hey Brightspeed, we disconnected a lot of your users’ home internet ... they might be complaining you should check.”
Those claims have so far not been confirmed and it’s unclear how the group managed to breach Brightspeed.
Among the PII the group purports to have in its possession are:
- Account master records, including names, email and service/billing addresses, phone numbers, account status, network type, consent flags, billing system, service instance, network assignment and site IDs
- Address latitude and longitude coordinates, service type and marketing profile codes
- Payment history including payment IDs, dates, amounts, invoice numbers, card types and last four digits of card numbers
- Payment methods, including default payment method IDs, gateways, masked credit card numbers, expiry dates, BINs, cardholder names and addresses, and status flags
- Appointment/order records for billing accounts
Crimson Collective Strikes Again
This isn’t the first time the group has hit the headlines. In September, it claimed responsibility for an attack on Red Hat’s private GitLab repositories, which resulted in the theft of nearly 570GB of data across 28,000 internal projects.
This reportedly included around 800 Customer Engagement Reports (CERs) detailing customer networks and platforms.
One of these corporate customers was Nissan Fukuoka Sales, it emerged last month.
Jacob Krell, senior director of secure AI solutions and cybersecurity at Suzu Labs, argued that security breaches impacting ISPs can have a major knock-on effect.
“Because ISPs serve millions of people and underpin critical communications, security failures carry societal and national security implications, not just technical ones. Disruption or abuse of these networks can affect public trust, service continuity and the broader information environment,” he said.
“Cybercrime itself has evolved into a mature business. Data theft and extortion groups operate with specialization, coordination and clear financial incentives. As a result, breaches are rarely isolated events. Stolen data is often reused, resold and exploited over time, extending the impact well beyond the initial incident.”
