Broadband internet provider Brightspeed reportedly had a data breach that affected the personal data of over a million customers. The Charlotte-based company services over two million residential and business customers.
The breach became publicly known when a hacker group called Crimson Collective shared on Telegram that it had the customer data, which included names, emails, physical addresses, phone numbers, and more personal information. The data also included financial information, including transaction histories and payment information.
To prove that they had the information, Crimson Collection shared data samples. The group also claimed they had tried to reach out to Brightspeed employees but the emails were ignored.
Not only is the group attempting to sell the data online, they’ve also reportedly threatened to cut off internet access for customers, though customers haven’t reported outages yet. More importantly, with their personal information available to anyone willing to pay for it, the customers are at risk of an increased amount of scam calls and emails.
A spokesperson for Brightspeed told Bleeping Computer: “We take the security of our networks and protection of our customers’ and employees’ information seriously and are rigorous in securing our networks and monitoring threats. We are currently investigating reports of a cybersecurity event. As we learn more, we will keep our customers, employees and authorities informed.”