US broadband provider Brightspeed investigates breach claims

by CybrGPT

Brightspeed, one of the largest fiber broadband companies in the United States, is investigating security breach and data theft claims made by the Crimson Collective extortion gang.

Founded in 2022, the U.S. telecommunications and Internet service provider (ISP) serves rural and suburban communities across 20 states.

“We take the security of our networks and protection of our customers’ and employees’ information seriously and are rigorous in securing our networks and monitoring threats. We are currently investigating reports of a cybersecurity event,” Brightspeed told BleepingComputer. “As we learn more, we will keep our customers, employees and authorities informed.”


The statement comes after Crimson Collective said in a Sunday update on their Telegram channel that they had stolen sensitive information belonging to over 1 million Brightspeed customers.

The threat actors claim the stolen data contains customer/account details with personally identifiable information (PII), address information, user account information linked to session/user IDs (including names, emails, and phone numbers), payment history, some payment card information, and appointment/order records containing customer PII.

“If anyone has someone working at BrightSpeed, tell them to read their mails fast! We have in our hands over 1m+ residential user PII’s,” they said, adding that “sample will be dropped on monday night time, letting them some time first to answer to us.”

In October, the hacking group also breached one of Red Hat’s GitLab instances, stealing roughly 570GB of data across 28,000 internal development repositories, an incident that impacted the enterprise software giant’s consulting division.

After the incident, Crimson Collective partnered with the Scattered Lapsus$ Hunters hacker collective and used their ShinyHunters data leak site as part of their attempts to extort Red Hat.

In December, Nissan confirmed that the personal information of approximately 21,000 Japanese customers (including names, physical addresses, phone numbers, and email addresses) was compromised in the Red Hat data breach.

Since then, Crimson Collective has also targeted AWS (Amazon Web Services) cloud environments to steal data and extort companies, using exposed AWS credentials and creating rogue identity and access management (IAM) accounts to escalate privileges.
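
The IAM activity described above leaves a recognisable sequence in CloudTrail: a `CreateUser` call followed by the same access key giving the new user credentials or policies. The Python below is an added example, not part of the original article or any vendor's tooling; it correlates that sequence over constructed sample records, and the one-hour window, key IDs and user names are assumptions.

```python
from datetime import datetime, timedelta

def _ev(time, name, key, **params):
    # Minimal record with CloudTrail field names (constructed, not real log data).
    return {"eventTime": time, "eventSource": "iam.amazonaws.com", "eventName": name,
            "userIdentity": {"type": "IAMUser", "accessKeyId": key},
            "requestParameters": params}

ADMIN = "arn:aws:iam::aws:policy/AdministratorAccess"
SAMPLE_EVENTS = [  # constructed sample; key IDs and user names are placeholders
    _ev("2025-01-01T09:00:00Z", "CreateUser", "ASIAEXAMPLE000000002", userName="ci-deployer"),
    _ev("2025-01-01T10:00:00Z", "CreateUser", "AKIAEXAMPLE000000001", userName="svc-backup2"),
    _ev("2025-01-01T10:01:00Z", "CreateAccessKey", "AKIAEXAMPLE000000001", userName="svc-backup2"),
    _ev("2025-01-01T10:02:00Z", "AttachUserPolicy", "AKIAEXAMPLE000000001",
        userName="svc-backup2", policyArn=ADMIN),
    _ev("2025-01-01T12:30:00Z", "AttachUserPolicy", "ASIAEXAMPLE000000002",
        userName="ci-deployer", policyArn="arn:aws:iam::aws:policy/ReadOnlyAccess"),
]

# IAM calls that hand a freshly created user credentials or permissions.
FOLLOW_UPS = {"CreateAccessKey", "CreateLoginProfile", "AttachUserPolicy",
              "PutUserPolicy", "AddUserToGroup"}

def _ts(ev):
    return datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def find_rogue_user_chains(events, window=timedelta(hours=1)):
    """One finding per IAM user created and then empowered by the same access
    key within `window` (the one-hour default is an assumption to tune)."""
    created, findings = {}, {}
    for ev in sorted(events, key=_ts):
        if ev.get("eventSource") != "iam.amazonaws.com" or ev.get("errorCode"):
            continue  # only successful IAM API calls
        key = ev.get("userIdentity", {}).get("accessKeyId", "")
        params = ev.get("requestParameters") or {}
        user, name = params.get("userName"), ev["eventName"]
        if name == "CreateUser" and user:
            created[user] = (key, _ts(ev))
        elif name in FOLLOW_UPS and user in created:
            creator, when = created[user]
            if key == creator and _ts(ev) - when <= window:
                f = findings.setdefault(user, {
                    "user": user, "creator_key": key, "actions": [], "admin": False,
                    # AKIA marks a long-term key, ASIA temporary STS credentials
                    "long_term_key": key.startswith("AKIA")})
                f["actions"].append(name)
                f["admin"] = f["admin"] or params.get("policyArn") == ADMIN
    return list(findings.values())

if __name__ == "__main__":
    for finding in find_rogue_user_chains(SAMPLE_EVENTS):
        print(finding)
```

A finding with `long_term_key` and `admin` both true is the highest-priority case to triage: a static access key created a user and attached the AdministratorAccess managed policy to it.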
