Brightspeed Data Breach Class Actions Filed (2026)
Data Breach · Lawsuit Filed

Brightspeed Data Breach Class Actions Filed After Hackers Claimed More Than 1 Million Customers' Data

Published July 9, 2026

An extortion group says it stole data on more than a million Brightspeed customers. The company says it is still investigating — but the lawsuits are already here, and there is nothing to claim yet.

Brightspeed data breach class action lawsuit over an extortion group's claim of stolen customer data
Brightspeed, the fiber and DSL provider built from former Lumen/CenturyLink assets, faces class actions after a group claimed to have stolen customer data.
Allegations Only · No Settlement Yet

This article describes class action complaints and a threat actor's public claims. The statements below are unproven allegations, and Brightspeed has said it is investigating and had not confirmed a breach. There is no certified class and nothing to claim at this time. This page is informational and is not legal advice.

What Is This About?

Brightspeed, the fiber and DSL internet provider built from the former Lumen/CenturyLink local-network assets across roughly 20 states, is facing a wave of proposed class actions after an extortion group claimed to have stolen the personal information of more than 1 million of its residential customers. Several suits have been filed in the U.S. District Court for the Western District of North Carolina — Brightspeed's home district in Charlotte — including Black v. Connect Holding II LLC d/b/a Brightspeed, No. 3:26-cv-00026, along with related complaints such as Riggs (No. 3:26-cv-00067) and Frye (No. 3:26-cv-00099).

An important caveat sits at the center of this story: as of the reporting, Brightspeed had said only that it was investigating reports of a cybersecurity event and had not confirmed that a breach occurred or that any customer data was actually taken. The "1 million customers" figure comes from the attacker, not the company. The lawsuits are at their earliest stage — the allegations are unproven, no class has been certified, and there is no settlement and nothing to claim.

Status Complaints Filed Black v. Connect Holding II LLC d/b/a Brightspeed · W.D.N.C. · filed January 2026
Scale (Attacker's Claim) Hackers claimed 1M+ residential customers Brightspeed has not confirmed a breach or any figure — this is the attacker's claim
Reportedly Involved Names, contact info, account numbers, payment histories, last-4 card digits Per the attacker's claims and the complaints · no Social Security numbers reported
Can I Claim? No — nothing to claim yet No settlement, no fund, no claim form

The Alleged Breach

Around January 4, 2026, an extortion group calling itself Crimson Collective publicly claimed — via a Telegram post with screenshots and sample data — that it had accessed Brightspeed's systems and stolen the records of more than 1 million residential customers. Security reporting tied the group to infostealer-driven access and to threats to disrupt customers' service. According to the group's claims and the complaints that followed, the data reportedly includes names, email addresses, phone numbers, service and billing addresses, account and order records, account numbers, payment histories, and partial (last-four) payment-card numbers. Reporting indicates that Social Security numbers and full financial-account details were not part of the exposed data.

Brightspeed's public response was measured: it said it was investigating the reports and, as of the coverage, had not confirmed that a breach occurred or that data was exfiltrated. That gap — between an attacker's loud claim and a company's cautious "we're investigating" — is exactly the uncertainty the litigation now has to resolve. Everything the attacker asserts about the scope of the data should be treated as an unverified claim until Brightspeed's own investigation (or the litigation) establishes what, if anything, was taken.

What the Lawsuits Allege

The complaints are proposed data-breach class actions built on negligence-style theories: that Brightspeed failed to implement reasonable, industry-standard cybersecurity — including a failure to adequately protect and encrypt customer data — and that this failure exposed customers to a risk of fraud and identity theft. The suits seek monetary damages, injunctive relief requiring improved data security, credit-monitoring services, and attorneys' fees. The primary named defendant is Connect Holding II LLC, doing business as Brightspeed (one of the complaints instead names the closely related entity Connect Holding LLC). These are the plaintiffs' allegations; Brightspeed has not yet answered the complaints on the merits, and none of the claims has been tested in court.

Is There a Settlement?

No. Filing a complaint starts a case; it does not create a payout. There is no settlement fund, no claim form, no deadline, and no certified class. If the litigation later settles, a court-appointed administrator would issue notice and open a claims process — we will update this page and our data breach settlements hub if that happens. In the meantime, be skeptical of any site claiming you can "file a Brightspeed claim" now.

What Should Brightspeed Customers Do Now?

Watch for any official communication from Brightspeed about the incident, and treat unexpected calls, texts, or emails referencing your internet service, bill, or account with caution — scammers routinely impersonate a breached company. Monitor your bank and card statements for unfamiliar activity, and consider placing a fraud alert or a credit freeze with the major credit bureaus, which is free. Keep any notice you receive; if a settlement or claims process is created later, that notice is typically how class members file. For how these cases tend to unfold, see our coverage of the ADT data breach lawsuit and other data breach cases.

This page is informational and is not legal advice.

Frequently Asked Questions

Has a class action been filed over the Brightspeed data breach?

Yes — multiple proposed class actions in the Western District of North Carolina, including Black v. Connect Holding II LLC d/b/a Brightspeed, No. 3:26-cv-00026. All claims are unproven allegations; no class is certified.

How many customers were affected?

The Crimson Collective group claimed more than 1 million residential customers. That is the attacker's claim; Brightspeed said it was investigating and had not confirmed a breach or any figure.

Were Social Security numbers exposed?

Reporting indicates SSNs and full financial-account data were not among the exposed information, which reportedly centered on contact details, account records, payment histories, and last-four card digits. Treat the scope as unconfirmed until Brightspeed's investigation or the litigation establishes it.

Is there a settlement or claim form?

No. There is no settlement, fund, claim form, or deadline. Nothing to claim at this stage.

Sources

Justia Dockets — Black v. Connect Holding II LLC d/b/a Brightspeed, 3:26-cv-00026 (W.D.N.C.)
Justia Dockets — Riggs v. Connect Holding II LLC d/b/a Brightspeed, 3:26-cv-00067 (W.D.N.C.)
Malwarebytes — Extortion Group Claims Massive Brightspeed Data Haul
SC Media — Brightspeed Investigates Cyberattack Claims by Crimson Collective
Cybernews — Brightspeed Data Breach / Crimson Collective


For more class actions keep scrolling below.
Status Complaints filed — no class certified, no settlement
Lead Case Black v. Connect Holding II LLC d/b/a Brightspeed (related: Riggs, Frye)
Case Number 3:26-cv-00026 (also 3:26-cv-00067, 3:26-cv-00099)
Court U.S. District Court, Western District of North Carolina
Date Filed January 2026
Defendant Connect Holding II LLC, d/b/a Brightspeed

More Data Breach Cases