Broadband provider Brightspeed is investigating a data breach after a threat actor claimed to have exfiltrated the personal information of over 1 million people and threatened to disconnect broadband customers. The Charlotte, North Carolina–based company serves more than 2 million business and residential customers, indicating the breach may have affected a significant portion of its user base.
The apparent data breach surfaced after the minor league hacking group Crimson Collective announced on its Telegram channel that it had obtained a dataset of Brightspeed customers containing extensive personal information.
Crimson Collective claimed that the leaked trove contained customers’ names, email addresses, phone numbers, postal addresses, and geographical coordinates. It also exposed Brightspeed customers’ billing and service addresses, account statuses, network type, consent types, network assignment, site IDs, maximum bandwidth, wire center, eligibility flags, and more.
Other customer details leaked include session and user IDs, transaction information such as payment history and methods, including the last four digits of customers’ credit cards, expiry dates, payment per account, suspend reason, payment IDs, dates, and amounts, invoice numbers, card types, and other information.
Support information, such as dispatch and technician information, install type, and appointment window, was also leaked.
“When a telecommunications provider experiences a potential breach, the impact reaches well beyond the company itself,” opined Jacob Krell, Senior Director, Suzu Labs. “Internet service providers support everyday communication and commerce, and access to their systems can expose customer information at a significant scale. When attackers are able to access and remove sensitive data, it raises legitimate questions about exposure across the industry.”
Crimson Collective claims that the stolen information could enable them to carry out sophisticated attacks, including disconnecting the broadband provider’s home internet customers.
So far, customers have not reported service outages resulting from the data breach. Nevertheless, they face a persistent risk of potential phishing attacks and tech support scams after their contact and subscription information was leaked.
Subsequently, they should remain vigilant for unsolicited communication via email, text messages, or phone calls requesting additional information traditionally not shared online.
Meanwhile, the broadband provider says it takes its network security and data protection of its customers and employees seriously and rigorously secures and monitors its infrastructure for various threats.
Undoubtedly, internet service providers (ISPs) have become attractive targets for cyber attacks because of the vast personal and financial information they hold and the critical role they play in daily life and business, especially in underserved areas.
“Because ISPs serve millions of people and underpin critical communications, security failures carry societal and national security implications, not just technical ones,” added Krell. “Disruption or abuse of these networks can affect public trust, service continuity, and the broader information environment.”