- Charter Communications confirmed a breach after ShinyHunters listed it on their leak site
- Hackers claim 40 million customer records were stolen via vishing attack on April 1, 2026
- The attackers allegedly accessed a Microsoft Login account, extracted data from Salesforce, and exfiltrated customer names, emails, addresses, phone numbers, plan information, and support tickets.
Charter Communications has confirmed to the media that it suffered a data breach and is currently alerting the relevant authorities about the incident.
As one of the largest telecommunications and broadband providers in the United States, Charter offers Internet, cable television, wireless and telephone services to more than 40 states in the United States. It currently has more than 32 million clients in the country.
The infamous ShinyHunters ransomware actors added Charter to their data leak site, claiming to have breached the company’s systems and promising to leak the stolen data unless a ransom is paid.
Links to Ghost CMS?
In response to media queries, Charter said beepcomputer He was “aware of the situation, following security protocols, and in the process of alerting the corresponding authorities.
“The threat actor did not extract sensitive personal information (PI) or customer proprietary network information (CPNI) as a result of the recent activity,” the company was quoted as saying.
At the same time, ShinyHunters claims to have captured 40 million records containing personal information from both consumers and businesses. The group says the attack took place on April 1, 2026 via a voice phishing (vishing) scam, through which they obtained a Microsoft Login account belonging to an employee.
Through the account, ShinyHunters agents accessed Charter’s Salesforce instance and pulled everything they could from it, which allegedly included customer names, email addresses, addresses, phone numbers, phone type, plan information, and some CPNI data. Customer service ticket data was also allegedly stolen.
Along with TeamPCP, ShinyHunters is currently the most active threat actor out there. The company is known for phoning victim companies, posing as IT or customer support, and convincing its targets to install malware themselves or run remote desktop management (RMM) solutions and give attackers unlimited access.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
