The Crimson Collective group claims to have breached BrightSpeed, an American telecommunications and broadband service provider. The threat actors posted a statement on their Telegram channel urging the company to check its communications, implying an extortion attempt is underway. The group asserts they have successfully exfiltrated a massive database affecting residential users.
According to the actor, they are in possession of over 1 million residential user PII records. The allegedly compromised data includes:
- Customer Master Records: Full names, email addresses, phone numbers, billing and service addresses, account status, and network type.
- Technical Details: Network assignment, site IDs, consent flags, and billing system data.
- Address Qualification Data: Full postal addresses, latitude/longitude coordinates, qualification status (fiber/copper/4G), maximum bandwidth, and drop length.
- User Account Details: Session/user IDs, communication preferences, and account suspension reasons.
- Payment History: Payment IDs, dates, amounts, invoice numbers, and masked card numbers (last 4 digits).
- Payment Methods: Default payment method IDs, gateways, masked credit card numbers, expiry dates, BINs, and cardholder names/addresses.
- Service Records: Appointment and order records, including dispatch information, technician details, and installation types.
Daily Dark Web







