{"id":4008,"date":"2026-01-07T12:39:29","date_gmt":"2026-01-07T12:39:29","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2026\/01\/07\/hackers-claim-to-disconnect-brightspeed-customers-after-breach\/"},"modified":"2026-01-07T12:39:29","modified_gmt":"2026-01-07T12:39:29","slug":"hackers-claim-to-disconnect-brightspeed-customers-after-breach","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2026\/01\/07\/hackers-claim-to-disconnect-brightspeed-customers-after-breach\/","title":{"rendered":"Hackers Claim to Disconnect Brightspeed Customers After Breach"},"content":{"rendered":"<div>\n<p><img decoding=\"async\" src=\"https:\/\/ft365.org\/wp-content\/uploads\/2025\/06\/localimages\/ea721ff9-8ba4-4d88-b386-57e9e1606077.jpg?width=64&#038;height=64&#038;mode=crop&#038;scale=both&#038;format=webp\" alt=\"Photo of Phil Muncaster\" loading=\"lazy\"><\/p>\n<\/div>\n<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>A US internet service provider (ISP)\u00a0is scrambling to investigate a recent security breach in which threat actors claim to have obtained information on over one million customers and disrupted their connectivity.<\/p>\n<p>Brightspeed offers high-speed fiber internet, digital voice\u00a0and business services across 20 US states.<\/p>\n<p>On January 4, a hacking group known as Crimson Collective posted to Telegram that it had a raft of personally identifiable information (PII) in its possession.<\/p>\n<p>It posted a sample of the data a day later, before adding on January 6: \u201cHey Brightspeed, we disconnected a lot of your users\u2019 home internet &#8230; they might be complaining you should check.\u201d<\/p>\n<p><em>Read more on threats to ISPs: APT Group StormBamboo Attacks ISP Customers Via DNS Poisoning<\/em><\/p>\n<p>Those claims have so far not been confirmed and it\u2019s unclear how the group managed to breach Brightspeed.<\/p>\n<p>Among the PII the group purports to have in its possession are:<\/p>\n<ul>\n<li>Account master records, including names, email and service\/billing addresses, phone numbers, account status, network type, consent flags, billing system, service instance, network assignment\u00a0and site IDs<\/li>\n<li>Address latitude and longitude coordinates, service type and\u00a0marketing profile codes<\/li>\n<li>Payment history including payment IDs, dates, amounts, invoice numbers, card types and last four digits of card numbers<\/li>\n<li>Payment methods, including default payment method IDs, gateways, masked credit card numbers, expiry dates, BINs, cardholder names and addresses, and status flags<\/li>\n<li>Appointment\/order records for billing accounts<\/li>\n<\/ul>\n<h2>Crimson Collective Strikes Again<\/h2>\n<p>This isn\u2019t the first time the group has hit the headlines. In September, it claimed responsibility for an attack on Red Hat\u2019s private GitLab repositories, which resulted in the theft of nearly 570GB of data across 28,000 internal projects.<\/p>\n<p>This reportedly included around 800 Customer Engagement Reports (CERs) detailing customer networks and platforms.\u00a0<\/p>\n<p>One of these corporate customers was Nissan Fukuoka Sales, it emerged last month.<\/p>\n<p>Jacob Krell, senior director of secure AI solutions and cybersecurity at\u00a0Suzu Labs, argued that security breaches impacting ISPs can have a major knock-on effect.<\/p>\n<p>\u201cBecause ISPs serve millions of people and underpin critical communications, security failures carry societal and national security implications, not just technical ones. Disruption or abuse of these networks can affect public trust, service continuity\u00a0and the broader information environment,\u201d he said.<\/p>\n<p>\u201cCybercrime itself has evolved into a mature business. Data theft and extortion groups operate with specialization, coordination\u00a0and clear financial incentives. As a result, breaches are rarely isolated events. Stolen data is often reused, resold\u00a0and exploited over time, extending the impact well beyond the initial incident.\u201d<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A US internet service provider (ISP)\u00a0is scrambling to investigate a recent security breach in which threat actors claim to have obtained information on over one million customers and disrupted their connectivity. Brightspeed offers high-speed fiber internet, digital voice\u00a0and business services across 20 US states. On January 4, a hacking group known as Crimson Collective posted<\/p>\n","protected":false},"author":2,"featured_media":4009,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4008","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4008-c8ef3c34-9c2e-4dcb-bd6e-1c9b8a71e2a9.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4008-c8ef3c34-9c2e-4dcb-bd6e-1c9b8a71e2a9-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4008-c8ef3c34-9c2e-4dcb-bd6e-1c9b8a71e2a9.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4008-c8ef3c34-9c2e-4dcb-bd6e-1c9b8a71e2a9.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4008-c8ef3c34-9c2e-4dcb-bd6e-1c9b8a71e2a9.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4008-c8ef3c34-9c2e-4dcb-bd6e-1c9b8a71e2a9.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4008-c8ef3c34-9c2e-4dcb-bd6e-1c9b8a71e2a9.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4008-c8ef3c34-9c2e-4dcb-bd6e-1c9b8a71e2a9.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4008-c8ef3c34-9c2e-4dcb-bd6e-1c9b8a71e2a9.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4008-c8ef3c34-9c2e-4dcb-bd6e-1c9b8a71e2a9.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2026\/01\/4008-c8ef3c34-9c2e-4dcb-bd6e-1c9b8a71e2a9-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4008","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=4008"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4008\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/4009"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=4008"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=4008"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=4008"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}