28 November 2025
Alternative broadband provider Brsk, which last year merged with Netomnia’s expanding multi-gigabit Fibre-to-the-Premises (FTTP) network, has reportedly suffered a significant data breach. Hackers are said to have gained access to and exposed personal data belonging to approximately 230,105 customers, with the stolen database now reportedly up for sale on a hacking forum.
The breach was initially identified by the DailyDarkWeb, a community of volunteers dedicated to monitoring the hidden layers of the digital world. The group has a history of uncovering leaks involving UK companies and telecoms providers. According to their report, a threat actor is advertising the stolen customer database, offering a sample and setting a price for negotiation through direct messages.
The leaked data reportedly includes various personal details such as customer names, email addresses, physical addresses, phone numbers, installation and booking information, Brsk ID numbers, location data, and information indicating whether a customer is considered vulnerable — such as those with telecare needs. The latter is particularly concerning, as vulnerable users are often targeted by phishing scams and other malicious activities.
There is, however, some relief in that the breach does not appear to include sensitive financial information, login credentials, or passwords. Nonetheless, the exposure of contact details and sensitive customer classifications remains a serious privacy concern.
The company has informed affected customers and is offering 12 months of free personal, financial, and web-monitoring services through Experian as a precaution. Brsk has engaged security experts to assist with their investigation, and relevant authorities, including the ICO and police, have been notified.
This incident adds to a troubling pattern of data breaches affecting UK internet providers. One of the most notable was the 2015 TalkTalk breach, which compromised nearly 157,000 customers and resulted in a £400,000 fine from the ICO in 2016.
While Brsk could potentially face a hefty regulatory fine, the ICO’s backlog of investigations means it may take some time before any penalties are finalized. For example, the regulator is still probing Lyca Mobile UK’s 2023 data breach, which occurred over two years ago, illustrating the slow pace of enforcement in this area. As the investigation unfolds, customers and industry observers will be watching closely to see how Brsk manages the fallout from this serious security incident.
