- Charter Communications confirmed a breach after ShinyHunters listed it on their leak page
- Hackers claim 40 million customer records stolen via vishing attack on April 1, 2026
- Attackers reportedly accessed a Microsoft Entra account, retrieved data from Salesforce, and exfiltrated customer names, emails, addresses, phone numbers, plan information, and support tickets
Charter Communications has confirmed to the media that it suffered a data breach and that it was currently alerting the relevant authorities about the incident.
As one of the largest telecommunications and broadband providers in the United States, Charter offers Internet, cable TV, cellular and telephone services to more than 40 US states. It currently has more than 32 million customers in the country.
Notorious ransomware actors ShinyHunters added Charter to their data leak page, claiming to have breached the company’s systems and promising to leak the stolen data unless a ransom is paid.
Links to Ghost CMS?
Responding to media inquiries, Charter said Bleeping Computer it was “aware of the situation, followed security protocols and was in the process of alerting the appropriate authorities.
“No Sensitive Personal Information (PI) or Customer Protected Network Information (CPNI) was exfiltrated by the threat actor as a result of recent activities,” the company was quoted as saying.
At the same time, ShinyHunters claims to have nabbed 40 million records of personal information about both consumer and business customers. The group says the attack took place on April 1, 2026 through a voice phishing (vishing) scam through which they obtained a Microsoft Entra account belonging to an employee.
Through the account, ShinyHunters’ operators gained access to Charter’s Salesforce instance and pulled everything they could from it, which allegedly includes customer names, email addresses, addresses, phone numbers, phone type, plan information and some CPNI data. Customer support ticket data was also allegedly stolen.
Next to TeamPCP, ShinyHunters is currently the most active threat actor out there. The company is known for calling victim companies on the phone, pretending to be IT or customer support, and convincing their targets to either install malware themselves or run remote desktop management (RMM) solutions, giving the attackers unmitigated access.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
