Charter Data Breach: Approximately 4.9 Million Emails Added to HIBP Following ShinyHunters Claim
Published
Key Takeaways
- Data Exposure: The Charter Communications data breach resulted in 4.9 million unique email addresses exposed, alongside contact information.
- Incident Scope Confirmed: Charter verified the breach and stated that no CPNI or sensitive personal data was compromised.
- Extortion Campaign: ShinyHunters recently targeted Charter Communications in a "pay or leak" operation.
In May 2026, the telecommunications company Charter Communications was targeted by the ShinyHunters threat group in a high-stakes "pay or leak" extortion campaign allegedly involving the theft of 40 million customer records. The exposure compromised 4.9 million unique email addresses, which were added to the breach notification service Have I Been Pwned (HIBP) on May 28.
Data Exfiltration and Exposure Scope
The Charter Communications compromised data, which is the parent organization behind the consumer broadband and cable brand Spectrum, includes 4,851,517 breached accounts containing:
- Email addresses
- Job titles
- Names
- Phone numbers
- Physical addresses
Furthermore, HIBP analysis identified a specific subset of approximately 85,000 records originating from an internal employee directory. This internal subset also included the job titles of the affected enterprise personnel.
Following the initial extortion demands, ShinyHunters published the exfiltrated dataset it reportedly stole via vishing on April 1, 2026, after which the hackers gained access to a Microsoft Entra account and pulled data from Salesforce.
Incident Response and Data Classification
In response to the data leak, Charter Communications officially confirmed the cybersecurity incident this week, stating that the data breach was limited in technical scope with respect to regulatory data classifications and no sensitive personal information or customer proprietary network information (CPNI) was exfiltrated during the intrusion.
In other recent news, the Kemper Corporation breach exposed approximately 270,000 accounts, the Ameriprise Financial data breach affected 502,000 accounts, and a 7-Eleven data breach impacted over 185,000 accounts after ShinyHunters claimed the intrusions.
Also, cruise operator Carnival Corp said it was compromised through social engineering after ShinyHunters claimed to have stolen 8.7 million records in April.
In February, Scattered Lapsus$ Hunters attempted to recruit women for vishing campaigns, offering $1,000.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular