Crimson Collective Claims Breach of U.S. Fiber Broadband Provider Brightspeed

The hacking group Crimson Collective claims to have obtained the personal data of more than a million residential customers of U.S. fiber broadband provider Brightspeed.

In a January 4 Telegram post, the group behind a Red Hat GitLab breach last year claimed to possess “over 1m+ residential user PII’s,” or personally identifiable information.

Crimson Collective said it would release a data sample on January 5 to give Brightspeed “some time first to answer to us.” It is not known what, if any, communications occurred between the company and the hacker group, but Crimson Collective made good on that threat and released the data sample today.

Crimson Collective Details Brightspeed Claims

Crimson Collective claims to possess a wide range of data on Brightspeed customers, including:

  • Customer account master records containing names, email addresses, phone numbers, billing and service addresses, and account status
  • Network type, consent flags, billing system, service instance, network assignment, and site IDs
  • Address qualification responses with address IDs, full postal addresses, latitude and longitude coordinates, qualification status (fiber/copper/4G), maximum bandwidth, drop length, wire center, marketing profile codes, and eligibility flags
  • User-level account details keyed by session/user IDs, “overlapping with PII including names, emails, phones, service addresses, account numbers, status, communication preferences, and suspend reasons”
  • Payment history, including payment IDs, dates, amounts, invoice numbers, card types and masked payment card numbers (last 4 digits), gateways, and status
  • Payment methods per account, including default payment method IDs, gateways, masked credit card numbers, expiry dates, bank identification numbers (BINs), holder names and addresses, status flags (Active/Declined), and created/updated timestamps
  • Appointment and order records by billing account, including order numbers, status, appointment windows, dispatch and technician information, and install types.

Potential Risk for Brightspeed Users

In an email exchange with The Cyber Express, a Crimson Collective spokesperson noted that the data doesn’t include password or credit card data that could put users at imminent risk of breach or theft, but said that “Every PII is important, with all this data people can easily start big sophisticated phishing campaigns or even get access to specific people’s infrastructure.”

Asked if the group has established persistent access to Brightspeed’s environment, the spokesperson replied, “Cannot disclose this.”

The Cyber Express also reached out to Brightspeed for comment and will update this article with any response. However, the company reportedly told Security Week that it is “currently investigating reports of a cybersecurity event. As we learn more, we will keep our customers, employees and authorities informed. We take the security of our networks and protection of our customers’ and employees’ information seriously and are rigorous in securing our networks and monitoring threats.”

Paul Shread

Paul Shread, International Editor for The Cyber Express and Cyble, has covered nearly every aspect of enterprise technology in his 25 years in IT journalism, including award-winning articles on endpoint security and virtual data centers, and a report exposing critical security flaws in a major SIEM system. Publications he has edited and written for include eSecurity Planet, Datamation, eWeek, IT Business Edge, Webopedia, and many more. He wrote a column on small business technology for Time.com, and covered financial markets for 10 years, from the dot-com boom and bust to the 2007-2009 financial crisis. He holds market analyst, cybersecurity, and analytics certifications. You can follow him on LinkedIn at: https://www.linkedin.com/in/paul-shread/
