British broadband provider Brsk has confirmed a data breach, after criminals claimed to be selling more than 230,000 customer records on a cybercrime forum.
The advert invited buyers to bid for a cache said to include full names, email addresses, home addresses, installation details, phone numbers, location data, and even markers identifying customers considered “vulnerable”.
Brsk has not commented on this specific claim, but it has acknowledged that one of its customer databases was accessed without permission. In a statement to ISP Review, the company said it was treating the incident “with the highest level of seriousness”.
Affected customers are now being offered 12 months of free Experian identity-monitoring services while the investigation continues.
Brsk added that:
- The breach involved “basic customer contact information”.
- No passwords, financial details or account credentials were affected.
- There is currently no evidence that the stolen data has been misused.
- The ICO, police and other regulators have been notified.
Brsk also stressed that its broadband services were not interrupted and its core network systems were not impacted.
Why are customers concerned?
According to posts on a criminal marketplace, the dataset contains 230,105 individual records. The listing claims to include sensitive fields that could make customers more vulnerable to fraud attempts.
The alleged breach appears to affect customers who joined Brsk following its expansion with Netomnia, although this has not been confirmed. The two companies merged in 2024 and now operate one of the UK’s largest alternative full-fibre networks, covering around 1.5 million premises with more than 140,000 active customers.
Criminal groups continue to target telecoms providers because they hold detailed personal information. Even when passwords and financial data aren’t taken, stolen contact information can still be used to commit fraud.
If you are a Brsk customer, it’s sensible to stay alert to:
- Suspicious emails, texts or calls: Criminals may impersonate Brsk, Netomnia, your bank or delivery companies to extract further information.
- Requests for account access or payment details: Brsk has confirmed that passwords were not compromised — so any message asking you to “reset” or “verify” information should be treated with caution.
- Scams targeting people labelled as ‘vulnerable’: If criminals really do hold this type of tag, they may tailor communications to appear more urgent or emotional.
- Unexpected credit checks or account openings: Even basic personal data can be misused in identity-related fraud.
Brsk has engaged external security specialists and continues to investigate the incident. Customers have been told they will receive further updates as more facts are confirmed.
Join the Claim will keep monitoring developments and will update you as the situation develops.
