SECURITY
SECURITY
SECURITY
Brightspeed probes alleged cyberattack as Crimson Collective threatens data release
U.S. telecommunications and internet provider Brightspeed is investigating claims of the cyberattack after the Crimson Collective hacking group claimed to have breached the company’s systems and exfiltrated sensitive customer information.
Crimson Collective claimed in late December that it had obtained the personal information of more than 1 million Brightspeed customers. The stolen data allegedly includes names, email addresses, phone numbers, billing and account details and other personally identifiable information.
According to Bleeping Computer today, the group has released a data sample as proof of the breach and is threatening wider disclosure unless the company responds.
“If anyone has someone working at Brightspeed, tell them to read their mails fast! We have in our hands over 1m+ residential user PII’s,” the group said, before adding that a new “sample will be dropped on Monday night time, letting them some time first to answer to us.”
Brightspeed, founded in 2022, operates broadband services across 20 U.S. states and supports both residential and business users.
In a statement, it said, “We take the security of our networks and protection of our customers’ and employees’ information seriously and are rigorous in securing our networks and monitoring threats. We are currently investigating reports of a cybersecurity event. As we learn more, we will keep our customers, employees and authorities informed.”
The Crimson Collective is an extortion-oriented threat actor that first appeared on the scene in late September 2025 and uses a dedicated Telegram channel to announce and promote alleged breaches and stolen data.
A profile of the group from S2W Inc. notes that its modus operandi centers on data exfiltration from cloud environments — particularly Amazon Web Services Inc.-hosted infrastructure — followed by extortion demands broadcast on social platforms.
Crimson Collective first gained significant attention in October when it publicly claimed responsibility for a substantial breach of Red Hat’s private GitLab instance. The group claimed to have stolen about 570 gigabytes of sensitive internal repositories and customer engagement reports spanning thousands of projects.
Photo: Brightspeed
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
