Class actions allege Brightspeed data breach exposed 1M customers’ PII

Brightspeed class actions overview:

• Who: Four consumers have filed four different class action lawsuits against Connect Holding II LLC, doing business as Brightspeed.
• Why: They allege Brightspeed failed to properly secure and safeguard customer data compromised in a recent data breach.
• Where: The Brightspeed class action lawsuits were filed in federal courts in North Carolina, Ohio, Virginia and Texas.

Four separate class action lawsuits allege that Brightspeed failed to properly secure and safeguard customer data compromised in a recent data breach.

A group of four plaintiffs — Daniel Arter, Joseph Polner, Amanda Riggs and Michael Smith — claim Brightspeed failed to protect personally identifying information (PII), including names, emails, phone numbers, addresses, account numbers, account records, order records, payment histories, and payment methods, including partial credit card numbers and bank identification numbers.

Plaintiffs Arter, Polner, Riggs and Smith seek to represent residents of North Carolina, Ohio, Virginia and Texas, respectively, whose personally identifiable information was allegedly compromised in the Brightspeed data breach.

Brightspeed is a telecommunications company that provides broadband internet, voice, and related communications services to residential and business customers in the United States.

According to the Brightspeed class action, a hacker known as “Crimson Collective” posted on Telegram around Jan. 4, 2026, claiming they breached the company’s system. The hacker allegedly stole sensitive data belonging to more than 1 million residential customers, including personally identifiable information, account details and billing information.

Plaintiffs and class members at impending risk of fraud, Brightspeed class actions claim

As a result of the Brightspeed data breach, plaintiffs claim that the proposed class members are now at a significantly increased and certainly impending risk of fraud, identity theft, intrusion of their privacy and similar forms of criminal mischief.

Arter alleges in her lawsuit that Brightspeed failed “to take available steps to prevent unauthorized disclosure of data and failing to follow applicable, required and appropriate protocols, policies, and procedures regarding the encryption of data, even for internal use.”

Polner meanwhile claims Brightspeed’s failure to protect customer information constitutes an unfair or deceptive act under Ohio law.

In addition, Smith alleges that Brightspeed “unreasonably delayed in notifying Plaintiff and Class Members of the Data Breach, thereby depriving them of the opportunity to take immediate steps to mitigate the harm caused by the unauthorized access to their sensitive personal information.”

All plaintiffs are seeking monetary damages, injunctive relief requiring improved data security measures, credit monitoring services and attorneys’ fees arising from the alleged Brightspeed data breach.

What do you think about the allegations made in these Brightspeed data breach class action lawsuits? Tell us in the comments.

Arter is represented by E. Winslow Taylor of Taylor & Taylor Attorneys at Law, PLLC and Gerald D. Wells III and Robert J. Gray of Lynch Carpenter LLP; Polner by Jonathan Shub and Karl M. Camillus of Shub & Johns LLC and Gerald D. Wells III and Robert J. Gray of Lynch Carpenter LLP.; Riggs by Jonathan Shub and Karl M. Camillus of Shub & Johns LLC and Gerald D. Wells III and Robert J. Gray of Lynch Carpenter LLP; and Smith by Jonathan Shub and Karl M. Camillus of Shub & Johns LLC and Gerald D. Wells III and Robert J. Gray of Lynch Carpenter LLP.

The Brightspeed data breach class action lawsuits are Arter v. Connect Holding II, LLC, Case No. 3:26-cv-00045, in the U.S. District Court for the Western District of North Carolina; Polner v. Connect Holding II, LLC, Case No. 1:26-cv-00067, in the U.S. District Court for the Southern District of Ohio; Riggs v. Connect Holding II, LLC, Case No. 3:26-cv-00058, in the U.S. District Court for the Eastern District of Virginia; and Smith v. Connect Holding II, LLC, Case No. 4:26-cv-00072, in the U.S. District Court for the Northern District of Texas.

Read About More Class Action Lawsuits & Class Action Settlements:

• Sig Sauer class action claims P320 pistols are ‘extraordinarily dangerous’
• Multiple class actions claim Total Wireless, Veriff failed to protect customer PII in data breach
• Norway Savings Bank class actions allege company failed to protect customer data
• David Protein class action alleges protein bars contain more calories, fat than advertised