Charter Communications says it suffered a security incident after the ShinyHunters extortion group threatened to leak stolen data. The attackers claim they breached Charter on April 1 by using voice phishing (vishing) to compromise an employee's Microsoft Entra account, then used access to Charter's Salesforce environment to export about 40 million customer records, including names, contact details, plan information, support tickets, and some customer proprietary network information (CPNI). Charter disputes that sensitive personal data or CPNI was exfiltrated.
Why it matters: Charter serves tens of millions of customers, so even partial account and service data exposure could create follow-on phishing, fraud, and impersonation risks. Affected users should watch for targeted calls and emails referencing Spectrum or account details, while defenders should review identity-provider protections, help-desk verification, and Salesforce access logs.
Ionut Arghire
2026.05.29
98% relevant
This is the same Charter/ShinyHunters breach event and adds that the gang has now published the allegedly stolen data, that Have I Been Pwned found about 4.9 million unique email addresses in the leak, and that the dataset includes names, addresses, phone numbers, and roughly 85,000 employee-linked records. It also includes Charter's statement disputing that CPNI or sensitive personal information was released.
2026.05.29
98% relevant
This is the same Charter/ShinyHunters breach event and updates it with reported public leakage of 4.9 million customer records, Have I Been Pwned ingestion details, and Charter's statement that no sensitive PI or CPNI was exfiltrated.
Sergiu Gatlan
2026.05.29
98% relevant
This is the same underlying Charter/ShinyHunters incident and adds key specifics: Have I Been Pwned says 4.9 million unique accounts were affected, the leaked data included names, email addresses, phone numbers, physical addresses, and about 85,000 employee-directory records with job titles, and the intrusion reportedly began with a vishing attack against an employee's Microsoft Entra account followed by theft from Salesforce.
Lawrence Abrams
2026.05.26
100% relevant
This article appears to be the first tracked item establishing Charter's confirmed breach tied to a ShinyHunters extortion claim and a specific vishing-to-SaaS compromise path.