Charter Communications confirms data breach, 40 million records apparently affected


  • Charter Communications confirmed a breach after ShinyHunters listed it on its leak site.
  • Hackers claim 40 million customer records were stolen via a vishing attack on April 1, 2026.
  • The attackers allegedly accessed a Microsoft Entra account, extracted data from Salesforce, and exfiltrated customer names, emails, addresses, phone numbers, plan information, and support tickets.

Charter Communications has confirmed to media that it has suffered a data breach and is currently alerting the relevant authorities of the incident.

As one of the largest telecommunications and broadband providers in the United States, Charter offers Internet, cable TV, cell phone and phone services in more than 40 U.S. states. It currently has more than 32 million customers in the country.

Notorious ransomware actors ShinyHunters have added Charter to their data leak site, claiming to have breached the company’s systems and promising to release the stolen data unless a ransom is paid.

Responding to media inquiries, Charter told BleepingComputer it was “aware of the situation, following safety protocols and was in the process of alerting the appropriate authorities.”

“No sensitive personal information (PI) or customer proprietary network information (CPNI) data was exfiltrated by the threat actor as a result of recent activity,” the company said.

At the same time, ShinyHunters claims to have retrieved 40 million records containing personal information about individual and business customers. The group claims that the attack took place on April 1, 2026, and that it used a voice phishing (vishing) scam to obtain a Microsoft Entra account belonging to an employee.

Using the account, ShinyHunters agents accessed Charter’s Salesforce instance and extracted everything they could, including customer names, email addresses, addresses, phone numbers, phone type, plan information, and some CPNI data. Customer support ticket data was also allegedly stolen.


Alongside TeamPCP, ShinyHunters is currently the most active threat actor. The group is known to call victim companies on the phone, pretending to be IT or customer service, and convince their targets to either install malware themselves or run remote monitoring and management (RMM) solutions and grant the attackers unrestricted access.





Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). During his career, which spans more than a decade, he has written for numerous media outlets, including Al Jazeera Balkans. He has also hosted several modules on content writing for Represent Communications.
