Charter Communications confirms data breach — ShinyHunters blamed after threat to leak user info online

News
By published

ShinyHunters claims 40 million stolen records, including names

A hooded figure in front of a laptop. Digital symbols obscure his face and appear to be pouring out of his head
(Image credit: Getty Images)
  • Charter Communications confirmed a breach after ShinyHunters listed it on their leak site
  • Hackers claim 40 million customer records were stolen via a vishing attack on April 1 2026
  • Attackers allegedly accessed a Microsoft Entra account, pulled data from Salesforce, and exfiltrated customer names, emails, addresses, phone numbers, plan info, and support tickets

Charter Communications has confirmed to the media it suffered a data breach and that it was currently alerting the relevant authorities about the incident.

As one of the largest telecommunications and broadband providers in the United States, Charter offers internet, cable TV, mobile, and phone services to more than 40 US states. It currently has more than 32 million customers in the country.

Infamous ransomware actors ShinyHunters added Charter to their data leak site, claiming to have breached the company’s systems, and promising to leak the stolen data unless a ransom is paid.

Latest Videos From

Responding to media inquiries, Charter told BleepingComputer it was “aware of the situation, following security protocols, and in the process of alerting appropriate authorities.

"No sensitive personal information (PI) or customer proprietary network information (CPNI) data was exfiltrated by the threat actor as a result of recent activity,” the company was cited saying.

At the same time, ShinyHunters claims to have nabbed 40 million records with personal information of both consumer and business customers. The group says that the attack took place on April 1 2026 through a voice phishing (vishing) scam, through which they obtained a Microsoft Entra account belonging to an employee.

Through the account, ShinyHunters’ operatives accessed Charter’s Salesforce instance and pulled everything they could from it, which allegedly includes customer names, email addresses, addresses, phone numbers, phone type, plan information, and some CPNI data. Customer support ticket data was also allegedly stolen.

Next to TeamPCP, ShinyHunters is currently the most active threat actor out there. The company is known for calling victim companies on the phone, pretending to be IT or customer support, and convincing their targets to either install malware themselves, or run remote desktop management solutions (RMM) and grant the attackers unabated access.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.