Brightspeed Data Breach Lawsuit, Are You One of the 1 Million Customers Whose Data Was Stolen?

Brightspeed learned in early January 2026 that an unauthorized party accessed certain information from its network. In total, the data of at least 1 million customers was reportedly compromised in the breach. A proposed class action lawsuit was filed in U.S. federal court on January 7, 2026, by a Brightspeed customer, alleging negligence and inadequate data security practices and seeking damages and injunctive relief. 

Multiple additional law firms have since launched investigations on behalf of affected customers. No settlement has been reached. This article is an educational overview of the breach, the lawsuits filed, and what Brightspeed customers should do right now to protect themselves.

Quick Facts

• Company: Brightspeed (formerly CenturyLink/Lumen residential assets)
• Breach type: Alleged data theft and extortion by threat actor group Crimson Collective
• Breach period: Crimson Collective claimed it first gained access to Brightspeed production systems in late December 2025 and publicly announced the breach on January 4, 2026
• Customers potentially affected: Over 1 million residential subscribers
• Brightspeed’s response: Investigating — breach not yet confirmed or denied as of publication
• Lawsuits filed: At least one proposed class action filed January 7, 2026; multiple law firm investigations underway
• Settlement: None — litigation phase only
• States served by Brightspeed: 20 U.S. states, primarily Southeast and Midwest
• Brightspeed headquarters: Charlotte, North Carolina

What Happened

Brightspeed is a fiber broadband and telecommunications company launched in 2022 and headquartered in Charlotte, North Carolina. The company serves millions of homes and businesses across 20 states, predominantly in the Southeast and Midwest regions of the United States.

A criminal extortion group calling itself the Crimson Collective claimed to have stolen sensitive data belonging to more than 1 million residential Brightspeed customers, including extensive personally identifiable information (PII) and account and billing details. The group announced the breach on January 4, 2026, via its Telegram channel.

On January 6, 2026, the group added a further message claiming it had disconnected a large number of Brightspeed customers’ home internet — though those claims have not been independently confirmed.

Brightspeed responded with a statement: “We take the security of our networks and protection of our customers’ and employees’ information seriously and are rigorous in securing our networks and monitoring threats. We are currently investigating reports of a cybersecurity event. As we learn more, we will keep our customers, employees and authorities informed.”

As of mid-January 2026, Brightspeed had not confirmed data exfiltration or a compromise of its production systems, had not announced customer notifications, and had not announced credit monitoring or compensation programs.

What Data Was Allegedly Stolen

According to the Crimson Collective, the data it claims to possess includes account master records containing names, email addresses, billing and service addresses, phone numbers, account status, network type, consent flags, billing system, service instance, network assignment, and site IDs; address latitude and longitude coordinates, service type, and marketing profile codes; payment history including payment IDs, dates, amounts, invoice numbers, card types, and the last four digits of card numbers; and payment method details including default payment method IDs, gateways, masked credit card numbers, expiry dates, BINs, cardholder names, addresses, and status flags.

The compromised data also reportedly includes appointment and order records per billing account, containing customer names, emails, phone numbers, addresses, order numbers, appointment windows, dispatch and technician information, and install types.

The exposure of this type of sensitive information places affected individuals at a significantly increased risk of identity theft, financial fraud, and targeted phishing attacks. The specific nature of the data — including service appointments and technician details — could allow criminals to craft highly convincing scams targeting Brightspeed customers.

The Class Action Lawsuits

The most immediate legal consequence of the alleged breach is the class action lawsuit filed on January 7, 2026, which alleges failures in safeguarding customer data. The suit seeks damages and injunctive relief.

Several law firms are currently investigating additional claims on behalf of affected Brightspeed customers for potential class action lawsuits. These include:

• Chimicles Schwartz Kriner & Donaldson-Smith LLP — investigating a potential class action on behalf of individuals whose personal information was potentially compromised in the alleged breach
• Markovits, Stock & DeMarco, LLC — investigating claims on behalf of victims and encouraging affected Brightspeed customers who received a data breach notice letter to make contact for a free consultation
• Pittman, Dutton, Hellums, Bradley & Mann, P.C. — monitoring the incident and representing individuals whose personal data may have been exposed due to inadequate cybersecurity practices

Brightspeed’s potential financial exposure from lawsuits will depend on whether the breach is confirmed, the scope of any data loss, and the outcome of litigation. Reputational risk is also a significant concern given its role as a broadband provider serving residential customers across rural and suburban markets.

Because no class has been certified and no settlement has been reached, there is no claim form to file at this time. This page will be updated as the litigation develops.

Who Could Be Affected

Brightspeed is one of the largest fiber broadband providers in the U.S. and serves customers across 20 states. The company maintains a network serving over 7.3 million homes and businesses.

You may be affected if you are a current or former Brightspeed residential customer — particularly if you:

• Received a breach notification letter or email from Brightspeed
• Have a Brightspeed account that was active in late 2025 or early 2026
• Use Brightspeed fiber internet, digital voice, or business services in any of its 20 service states

As of mid-January 2026, Brightspeed had not announced customer notifications. If you have not received a notification but are a Brightspeed customer, monitor your email and postal mail closely for any official communications from the company.

What Brightspeed Customers Should Do Now

Even while the investigation remains ongoing, affected customers should take the following protective steps immediately:

1. Change your Brightspeed account password. Change your Brightspeed account password and review passwords on other important accounts. Use strong, unique passwords that you do not reuse elsewhere.

2. Monitor your financial accounts. Review your financial accounts and credit reports for unauthorized activity, unusual charges, or accounts you did not open — potential indicators that someone may be misusing your data.

3. Watch for phishing attempts. The specific nature of the data allegedly stolen — including service appointment details and technician information — could allow criminals to craft highly convincing scams targeting Brightspeed customers. Be skeptical of any caller or email that references your Brightspeed account, service address, or upcoming appointments.

4. Place a fraud alert or credit freeze. Contact one of the three major credit bureaus — Equifax, Experian, or TransUnion — to place a free fraud alert or credit freeze on your file.

5. Check if your data appeared in the breach. Search your email address or phone number on reliable data breach check websites to see if your information was exposed in the alleged Brightspeed incident.

6. Watch for official communication from Brightspeed. Brightspeed said it would notify customers, employees, and authorities as more information becomes available. Any legitimate communication will come from an official Brightspeed domain — never from a third party asking for your personal information.

About the Crimson Collective

This is not the first time Crimson Collective has hit the headlines. In September 2025, the group claimed responsibility for an attack on Red Hat’s private GitLab repositories, which resulted in the theft of nearly 570GB of data across 28,000 internal projects.

Rather than deploying ransomware, Crimson Collective focuses on stealing large datasets and using the threat of public disclosure as leverage to pressure victims into paying. The Brightspeed investigation illustrates a broader trend in cybercrime toward data-centric extortion campaigns targeting service providers and cloud environments.

Security researchers note that Crimson Collective has historically targeted misconfigured cloud environments and systems lacking multifactor authentication. No forensic findings have been publicly released, and it remains unclear whether Brightspeed’s core network, customer databases, or third-party systems were involved.

Frequently Asked Questions

Has Brightspeed confirmed the data breach? 

As of mid-January 2026, Brightspeed had not confirmed data exfiltration or a compromise of its production systems. The company confirmed it is investigating the alleged cybersecurity event and said it will keep customers, employees, and authorities informed as more information becomes available.

Is there a class action lawsuit against Brightspeed?

 Yes. A proposed class action lawsuit was filed in U.S. federal court on January 7, 2026, alleging negligence and inadequate data security practices. Multiple law firms are also investigating additional claims on behalf of affected customers.

Is there a settlement I can claim from? 

No. There is no settlement at this time. The lawsuits are in their earliest stages. This page will be updated if and when a settlement is reached and a claims process opens.

What data was allegedly stolen? 

Attackers claim to have stolen data including personally identifiable information (PII), address information, user account information linked to session and user IDs, names, emails, phone numbers, payment history, some payment card information, and appointment and order records containing customer PII.

What states does Brightspeed serve? 

Brightspeed is headquartered in Charlotte, North Carolina, and operates fiber broadband across 20 U.S. states, primarily in rural and suburban communities in the Southeast and Midwest.

Who is Crimson Collective? 

Crimson Collective is an extortion group that focuses on stealing large datasets and threatening public disclosure rather than deploying ransomware. The group publicly claimed responsibility for the Brightspeed breach on January 4, 2026, via its Telegram channel.

Last Updated: March 6, 2026

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Legal claims and outcomes depend on specific facts and applicable law. For advice regarding a particular situation, consult a qualified attorney.

About the Author

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah