Charter Communications data breach affects 4.9 million accounts

HomeNewsSecurityCharter Communications data breach affects 4.9 million accounts

Charter Communications data breach affects 4.9 million accounts By Sergiu Gatlan May 29, 2026 04:29 AM 1 The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data breach notification service Have I Been Pwned. Charter has over 92,000 employees and provides internet, mobile, video, and voice services to more than 32 million customers and over 57 million homes in 41 states across the U.S. through its Spectrum brand. The company confirmed the breach earlier this week, saying that the attackers did not steal sensitive personal customer information and that it had alerted authorities about the incident. "No sensitive personal information (PI) or customer proprietary network information (CPNI) data was exfiltrated by the threat actor as a result of recent activity," Charter told BleepingComputer. While Charter has yet to attribute the attack and has not shared further details, the ShinyHunters extortion gang claimed responsibility and told BleepingComputer that they breached the company's systems on April 1 in a voice phishing (vishing) attack that compromised an employee's Microsoft Entra account. The threat actors claimed they used this access to steal 42 million records from the company's Salesforce instance, including consumer and business customer names, email addresses, physical addresses, phone numbers, phone types, plan information, support ticket data, and some CPNI data. After the company refused to pay the ransom demanded by ShinyHunters to have the stolen data returned and destroyed, the cybercrime group leaked the documents stolen from Charter's Salesforce instance on their dark web leak site. BleepingComputer reached out to Charter again about the extortion gang's claims that they also stole additional CPNI data but was referred back to the company's original statement. Charter entry on ShinyHunters leak site (BleepingComputer) Although Charter declined to share further details, including whether threat actors also exfiltrated CPNI data from its systems, Have I Been Pwned analyzed the leaked data and confirmed that the incident affected 4.9 million accounts, whose names, email addresses, job titles, phone numbers, and physical addresses were stolen. "The group later published the data, which exposed 4.9M unique email addresses along with names, phone numbers and physical addresses," Have I Been Pwned said. "A subset of approximately 85k records originating from an internal employee directory also included job titles." ShinyHunters has been targeting Salesforce customers over the past year, breaching hundreds of companies worldwide and claiming the theft of billions of records in Salesforce Aura data theft attacks and a Salesloft Drift campaign. The FBI has recently advised ShinyHunters' victims not to give in to the gang's ransom demands, after previously warning that doing so cannot guarantee that threat actors won't attempt to sell the stolen data to other cybercriminals or extort them again. Charter Communications' systems were also compromised in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon that also impacted AT&T, Verizon, Consolidated Communications, Windstream, and Lumen, as well as telecom companies in dozens of other countries.

The Validation Gap: Automated Pentesting Answers One Question. You Need Six. Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.This guide covers the 6 surfaces you actually need to validate. Download Now

Related Articles: 7-Eleven confirms data breach claimed by the ShinyHunters gangHome security giant ADT data breach affects 5.5 million peopleData breach at edtech giant McGraw Hill affects 13.5 million accountsCharter confirms data breach after ShinyHunters extortion threat7-Eleven data breach exposes personal information of 185,000 people Breach

Charter Communications

Data Leak

Data Theft

Salesforce

ShinyHunters

Telecommunications

USA

Sergiu Gatlan Sergiu is a news reporter who has covered the latest cybersecurity and technology developments for over a decade. Email or Twitter DMs for tips.

Comments Mr.Tom - 2 hours ago

"that compromised an employee's Microsoft Entra account" Let me guess, Charter didn't disable legacy authentication or Device Code Flow? They probably don't use any form of hardware FIDO2 MFA authentication and let their employees know their own Entra ID password. I bet they don't have token binding either. You really need to take all the account access and information out of employee's hands, so they don't know s**t and just start typing their password into a rando website, which can easily happen. But who knows, maybe they talked the employee into downloading and running malware or scripts to steal data from their computer that had info on how to access more data. Maybe they got the MFA out of the employee. In-house IT needs to control all of this.

Post a Comment Community Rules You need to login in order to post a comment Not a member yet? Register Now