Data Breach Telecommunications · United States · January 2026

Brightspeed

Analysis of the Brightspeed data breach affecting over 1 million customers with partial payment card information exposed.

Records Affected

Over 1 million customers

Attack Type

Data Breach

Location

United States

Data types exposed

Names email addresses phone numbers billing addresses account details payment histories partial payment card data service order records

What Happened

In January 2026, it was reported that data from over 1 million Brightspeed customers had allegedly been stolen. Brightspeed is a fibre and broadband provider serving rural southeastern US communities.
The allegedly compromised data reportedly includes names, emails, phone numbers, billing addresses, account details, payment history, and partial card information.

Timeline

  • Late December 2025 — Crimson Collective claims initial access to Brightspeed systems
  • January 4-6, 2026 — Incident publicly disclosed
  • January 2026 — Four class-action lawsuits filed against Brightspeed

Threat Actor Profile

Crimson Collective is an extortion group that claimed responsibility for the Brightspeed breach. Limited public information is available about this group's history and typical tactics.

Impact and Risk Assessment

For Individuals

Over 1 million customers in rural and suburban communities across 20 states may have had their personal and partial payment data exposed.
Partial payment card data, combined with billing addresses and account details, increases the risk of financial fraud.
Customers in rural areas may have fewer alternative broadband providers, limiting their ability to switch services in response to a breach.

For Organisations

Brightspeed faces four class-action lawsuits and reputational damage in communities where it may be the primary or sole broadband provider.

Regulatory Context

US state data breach notification laws apply across the 20 states where Brightspeed operates. FCC regulations on telecommunications customer data (CPNI) may also apply.

What Should You Do?

For Individuals

  • If you are a Brightspeed customer, monitor your financial accounts for unauthorised transactions, particularly if you used a payment card for billing.
  • Change your Brightspeed account password and enable two-factor authentication if available.

For Security Professionals

  • Telecommunications providers serving rural communities hold critical infrastructure status. Security investment should reflect this responsibility regardless of company size.
  • Review your organisation's exposure to Brightspeed as a service provider and assess whether any employee or corporate data may be at risk.

Learnings and Recommendations

The inclusion of partial card information and payment history elevates the risk beyond typical telecom breaches. Telecommunications providers serving rural communities may have fewer security resources but hold equally sensitive customer data.
This advisory summarises a publicly reported cybersecurity incident for educational purposes. Information is sourced from publicly available reports and may include claims that are unverified or disputed. Inclusion does not imply fault or negligence by the affected organisation.
Back to all advisories