Charlotte-based Brightspeed is investigating claims that hackers stole sensitive data of over 1 million customers in what could become the largest data breaches in America this year.
Brightspeed, one of the nation’s largest fiber broadband providers, confirmed it is reviewing what it calls a potential cybersecurity event. The investigation follows online extortion claims made by a group calling itself the Crimson Collective.
According to Crimson Collective, the allegedly stolen information includes:
-
Customer names, email addresses, and phone numbers
-
Home and billing addresses
-
User account and session identifiers
-
Payment history and partial payment card details
-
Appointment and order records
The group has targeted major organizations before. In October, it breached a GitLab system tied to Red Hat. That incident later led Nissan to confirm customer data exposure.
Researchers say the group has also exploited cloud systems by abusing exposed credentials to gain elevated access.
Brightspeed launched in 2022 after Apollo Global Management acquired assets from Lumen Technologies. The Charlotte-based provider serves rural and suburban communities across 20 states.
The company has passed more than 2 million locations with fiber and plans to reach over 5 million.
Customers are encouraged to monitor accounts closely, use strong passwords, enable multi-factor authentication, and watch for suspicious emails or payment activity.
Brightspeed said it will share updates as soon as it can confirm more details.
