Charter Communications has confirmed a cybersecurity incident after the ShinyHunters extortion group claimed it breached the telecommunications giant and stole data belonging to more than 42 million customers.
The threat actor added Charter Communications to its leak site this week, alleging that the company failed to engage with extortion demands. A post published by the group warns that the stolen data will be leaked if negotiations are not opened before May 27, 2026.
The listing claims the breach exposed “over 42M records containing PII,” referring to personally identifiable information. However, the exact nature of the allegedly stolen data has not been independently verified.
Charter Communications is one of the largest telecommunications and broadband providers in the United States, operating under the Spectrum brand and serving tens of millions of residential and business customers with internet, mobile, cable television, and phone services.
In a statement shared with CyberInsider, a Charter spokesperson confirmed the company is investigating the incident and coordinating with authorities.
“We are aware of the situation, following our security protocols, and are in the process of alerting appropriate authorities. No sensitive personal information (PI) or customer proprietary network information (CPNI) data was exfiltrated by the threat actor.”
The company did not disclose how attackers may have gained access to its systems or whether any internal services were disrupted during the incident.
The breach appears linked to an ongoing large-scale campaign targeting Salesforce environments and enterprise cloud infrastructure. ShinyHunters has recently claimed responsibility for multiple intrusions involving companies whose environments allegedly contained exposed credentials, authentication tokens, or improperly secured integrations.
Earlier this month, the group claimed that hundreds of organizations were compromised in what researchers described as a broader Salesforce-focused operation involving cloud credentials and third-party SaaS platforms. CyberInsider previously reported on the campaign and the attackers’ claims regarding widespread downstream compromises.
ShinyHunters has become one of the most active cybercrime groups targeting enterprise cloud environments, with recent incidents involving large outsourcing providers, SaaS platforms, and educational technology companies. The group typically steals large datasets before attempting to extort victims under threats of public leaks.
At this time, Charter has not publicly confirmed how many customers may have been affected or whether notifications will be sent to impacted individuals.
If you liked this article, be sure to follow us on X/Twitter and also LinkedIn for more exclusive content.
