ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak
Jump to main content
REG AD
Cyber-Crime
ShinyHunters adds Charter to trophy shelf after 4.9M customer records leak Telco giant says no sensitive data was taken, though names, addresses, phones, and emails are now out there
Carly Page Carly Page
Published fri 29 May 2026 // 11:22 UTC
ShinyHunters claims it has dumped the personal details of millions of Charter Communications customers after the US telecom giant apparently declined to play along with the gang's latest extortion demands.According to Have I Been Pwned, the breach exposed the personal details of 4.9 million customers, including names, email addresses, phone numbers, and physical addresses. It says a smaller subset of roughly 85,000 records originating from an internal staff directory also contained job titles.Charter appeared on the ShinyHunters leak site earlier this month, with the extortion crew claiming to have stolen more than 42 million records belonging to consumer and business customers.
REG AD
The listing, seen by The Register, warned: "Over 42M records containing PII have been compromised. This is a final warning to reach out by 27 May 2026 before we leak along with several annoying (digital) problems that'll come your way."
REG AD
After the alleged deadline passed, the criminals updated the post with a familiar message for organizations that decline to pay."Over 42M records containing PII have been compromised. The company failed to reach an agreement with us despite our incredible patience, all the chances and offers we made. They don't care."Charter, one of the largest broadband providers in the US through its Spectrum brand, confirmed it is investigating the incident but disputed the sensitivity of the data exposed."We are aware of the situation, following our security protocols and are working with appropriate authorities," the company said in a statement provided to multiple outlets. "No sensitive personal information (PI) or customer proprietary network information (CPNI) data was exfiltrated by the threat actor as a result of recent activity." MORE CONTEXT Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data
Real estate giant confirms vishing incident as ShinyHunters and Qilin both come knocking
Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt
French DIY etailer ManoMano admits customer data stolen
That may be technically true, but millions of names, addresses, phone numbers, and email addresses still represent a useful haul for scammers, phishers, and identity thieves.The incident is also not Charter's first brush with high-profile intrusions. The telecom provider was among the organizations reportedly caught up in China's Salt Typhoon espionage campaign last year, alongside a growing list of US telcos.The leak lands hours after Carnival Corporation, the world's largest cruise operator, admitted that ShinyHunters had also made off with the personal data of nearly six million people, suggesting the gang has been enjoying an unusually busy week.For companies weighing whether data theft is less disruptive than ransomware, ShinyHunters keeps providing fresh case studies in why that difference may not matter much to the people whose information ends up online. ®
data breach cyber-crime charter communications telecoms shinyhunters security
REG AD
public sector
ICE to keep an eye on your eyes under $25M biometric scanner deal
And you thought a face recognition app was intrusive?
Security
No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out
Researcher reported the vuln in March. Maintainers haven't responded to his messages since
PARTNER CONTENT
AI and data sovereignty in Postgres: An answer to the datacenter energy crisis
A billion AI agents walk into a power grid
Legal
23andMe inherits lawsuit over 'disturbing' DNA data breach
California AG claims genetics biz downplayed 2023 mega-leak while paying ransom to attacker
Systems
EU's digital sovereignty boo-boo may be the best thing to ever happen to the project
DIY or die. Just don't let the CIA buy it
software
UCLA seeks pre-litigation resolution with Oracle
Discussion understood to concern delayed SaaS transformation project
MOST POPULAR
AI + ML Google has seriously leaned into AI enshittification lately Security Anthropic to release Mythos-class models to the public Security Disgruntled 0-day hunter 'humiliated' by Microsoft pledges 'bone shattering drop' as Redmond calls cops Operating Systems Linus Torvalds to ‘start being more hardnosed’ about ‘pointless pull requests’ – some of which come from AIs