Brightspeed hackers allegedly steal 1 million customer records in data breach

Brightspeed, one of the largest fiber broadband providers in the United States, is investigating allegations that hackers stole sensitive data associated with more than 1 million customers.

The allegations came to light when a group calling itself Crimson Collective posted messages on Telegram warning Brightspeed employees not to check their email. The group claims to have access to more than 1 million residential customer records and has threatened to release exemplar statements if the company does not respond.

At this point, Brightspeed has not confirmed that the hack occurred. However, the company says it is actively investigating what it calls a potential cybersecurity event.

The data breach exposed 400,000 bank customers’ information

Sign up for my free CyberGuy reportGet the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM Newsletter

What the hackers say they stole

According to Crimson Collective, the stolen data includes a wide range of personally identifiable information. The group claims to have access to:

• Customer names, email addresses and phone numbers
• Home addresses and bills
• User account details associated with the session or user identifiers
• Payment history and partial payment card information
• Appointment and order records are linked to customer accounts

If this data set is accurate, it could create serious risks of identity theft and fraud for affected customers.

Brightspeed responds to these allegations

Brightspeed says it is taking the situation seriously, even as it continues to verify the allegations.

In a statement shared with BleepingComputer, the company said it is carefully monitoring the threats and working to understand what happened. Brightspeed added that it will keep customers, employees and authorities informed as more details become available.

To date, there has been no public notice on Brightspeed’s website or social media channels confirming that customer data was exposed.

Who is Brightspeed and why does this matter?

Brightspeed is an American telecommunications and Internet services company, founded in 2022 after Apollo Global Management acquired the local exchange assets of Lumen Technologies.

The company is headquartered in Charlotte, North Carolina, and serves rural and suburban communities in 20 states. It has rapidly expanded its fiber reach, crossing over 2 million homes and businesses and aiming to reach more than 5 million locations.

Because Brightspeed focuses on underserved areas, many customers rely on it as their primary Internet provider. This makes any potential breach particularly worrisome.

A closer look at Crimson Collective

Crimson Collective is not new to high-profile targets. In October, the group hacked a GitLab instance linked to Red Hat, stealing hundreds of gigabytes of internal development data.

This incident later spread abroad. In December, Nissan confirmed that the personal data of about 21,000 Japanese customers had been exposed through the same breach.

Recently, researchers say Crimson Collective targeted cloud environments, including Amazon Web Services, by abusing exposed credentials and creating rogue access accounts to escalate privileges.

In other words, the group has a track record that makes its claims difficult to ignore.

What could this mean for customers?

Although Brightspeed has not confirmed that the hack occurred, the claims alone are enough to raise red flags. If customer data is accessed, it can be used for phishing, account takeover, or payment fraud.

Cybercriminals often move quickly after breaches occur. This means that customers must remain alert even before an official notification appears.

CyberGuy has reached out to Brightspeed for comment, and a spokesperson told us,

“We take the security of our networks and the protection of our customers’ and employees’ information very seriously and take great care in securing our networks and monitoring threats. We are currently investigating reports of a cybersecurity event. As we learn more, we will keep our customers, employees, stakeholders and authorities informed.”

Scams surge in January: Why fraud is on the rise at the beginning of the year

How to protect your personal data and online accounts

Even if Brightspeed’s investigation doesn’t impact your account, these steps are worth taking. Most data breaches lead to the same downstream risks, such as phishing, account takeover, and identity theft. Building these habits now can help protect you across all your online accounts.

1) Watch out for phishing attempts

Scammers often exploit headlines to create panic. Be wary of emails, calls, or text messages indicating problems with your Internet account billing or changes in service. If the message is urgent or stressful, pause before responding.

2) Avoid suspicious links and attachments

Do not click on links or open attachments associated with account notifications or payment issues. Alternatively, open a new browser window and go directly to the company’s official website or app. Powerful antivirus software adds another layer of protection against malicious downloads.

The best way to protect yourself from malicious links that install malware, and potentially access your private information, is to install strong antivirus software on all your devices. This protection can also alert you to phishing emails and ransomware, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection winners of 2026 for Windows, Mac, Android, and iOS at Cyberguy.com

3) Update your account passwords

Change your Brightspeed account password and review passwords for other important accounts. Use strong, unique passwords and don’t reuse them anywhere else. A reliable password manager can create and store complex passwords, making account takeovers more difficult.

Next, check if your email has been exposed in previous breaches. Our #1 choice of password manager (see Cyberguy.com/Passwords) includes a built-in penetration scanner that checks if your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com

4) Reduce your data footprint

Personal data is quietly spread across data broker sites. Using a data removal service can help limit the amount of information available to the public. Less exposed data means fewer opportunities for scammers to target you.

While no service can guarantee complete removal of your data from the Internet, a data removal service is truly a smart choice. It’s not cheap, and neither is your privacy. These services do all the work for you by systematically monitoring and scraping your personal information from hundreds of websites. This gives me peace of mind and has proven to be the most effective way to clear your personal data from the Internet. By limiting the information available, you reduce the risk of fraudsters cross-referencing data from breaches to information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free check to see if your personal information really exists on the web by visiting Cyberguy.com

Get a free check to see if your personal information is already on the web: Cyberguy.com

5) Turn on account alerts

Brightspeed allows customers to trigger account and billing alerts through the My Brightspeed website or app. You can choose which notifications you receive via email or text message. Alerts can help you detect unusual activity early and respond to it before more damage is done.

6) Monitor your financial accounts closely

Check your bank and credit card statements often. Look for small or unusual charges because criminals sometimes test stolen data with low-dollar transactions before attempting larger scams.

7) Consider fraud alerts or credit freezes

If sensitive information is disclosed, placing a fraud alert or credit freeze can add protection. These steps make it difficult for criminals to open new accounts in your name. To learn more about how to do this, go to Cyberguy.com And search “How to freeze your credit.”

You may also want to consider an identity theft protection service that monitors suspicious activity and sends alerts. Identity theft companies can monitor personal information such as your Social Security number (SSN), phone number, and email address, and alert you if it is sold on the dark web or used to open an account. They can also help you freeze your bank and credit card accounts to prevent further unauthorized use by criminals.

Check out my tips and top picks on how to protect yourself from identity theft at Cyberguy.com

Key takeaways for Kurt

Brightspeed’s investigation is still unfolding, and the company says it will share updates as it learns more. Until then, the claims highlight how valuable customer data is and how aggressively extortion groups target infrastructure providers. For customers, caution is the best defense. For companies, transparency and speed will be important if these allegations turn out to be true.

Do you feel that companies are doing enough to keep your personal data safe? Let us know by writing to us at Cyberguy.com

Click here to download the FOX NEWS app

Sign up for my free CyberGuy report Get the best tech tips, breaking security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – for free when you join my site CYBERGUY.COM Newsletter

Copyright 2026 CyberGuy.com. All rights reserved.