Charter Communications Data Breach Exposes 4.9 Million Accounts in Alleged ShinyHunters Attack

A major cybersecurity incident involving Charter Communications has reportedly exposed the personal information of approximately 4.9 million individuals after a breach allegedly carried out by the ShinyHunters extortion group.

The breach, which reportedly occurred in early April 2025, has drawn significant attention due to the scale of the exposed data and the ongoing targeting of Salesforce environments by cybercriminal groups.

Charter Confirms Security Incident

Charter Communications, one of the largest telecommunications providers in the United States, confirmed that it experienced a cybersecurity incident affecting certain business systems.

The company, which serves more than 32 million customers through its Spectrum brand, stated that while unauthorized access occurred, no sensitive personal information (PI) or Customer Proprietary Network Information (CPNI) was compromised.

According to Charter, the incident impacted sales-related tools used to manage current, former, and prospective business customers.

The company also said it notified law enforcement and launched an investigation into the breach.

ShinyHunters Claims Responsibility

The cybercriminal group known as ShinyHunters has claimed responsibility for the attack, alleging that it gained access to Charter’s systems through a voice phishing (vishing) attack that compromised an employee’s Microsoft Entra account on April 1.

According to the group’s claims, attackers leveraged the compromised account to access the company’s Salesforce environment and exfiltrate millions of customer records.

The threat actors alleged that the stolen information included:

  • Customer names
  • Email addresses
  • Physical addresses
  • Phone numbers
  • Service plan details
  • Support ticket information
  • Business customer records

However, Charter has disputed claims that sensitive customer information or CPNI was exposed.

4.9 Million Accounts Confirmed in Leaked Dataset

Following Charter’s refusal to pay a ransom demand, ShinyHunters reportedly published the stolen data on its dark web leak site.

Data breach notification platform Have I Been Pwned later analyzed the leaked information and confirmed that approximately 4.9 million unique accounts were affected.

The exposed records reportedly contain:

  • Full names
  • Email addresses
  • Phone numbers
  • Physical addresses

Additionally, around 85,000 records linked to an internal employee directory reportedly included job title information.

The findings indicate that while highly sensitive financial data may not have been exposed, the leaked information could still be valuable for phishing campaigns, identity theft attempts, and social engineering attacks.

Ongoing Salesforce-Focused Attacks

Security researchers have linked ShinyHunters to a growing number of attacks targeting organizations that use Salesforce platforms and related business applications.

Over the past year, the group has allegedly compromised hundreds of organizations worldwide, claiming to have stolen billions of records through various Salesforce-related data theft campaigns.

These attacks often rely on social engineering techniques, including phishing and vishing, rather than exploiting technical vulnerabilities.

FBI Warns Organizations Against Paying Ransoms

The FBI has repeatedly advised organizations affected by ShinyHunters attacks not to pay ransom demands.

According to law enforcement agencies, paying cybercriminals does not guarantee that stolen data will be deleted or that organizations will avoid future extortion attempts.

In many cases, threat actors may continue to sell or distribute stolen information even after receiving payment.

Charter Previously Targeted by Salt Typhoon

This is not the first time Charter Communications has faced cybersecurity challenges.

The company was previously among several major telecommunications providers reportedly impacted by activities attributed to Salt Typhoon, a Chinese state-backed cyber espionage group.

Other affected telecom companies included AT&T, Verizon, Windstream, Lumen, and several international telecommunications providers.

Key Takeaways

The Charter Communications breach highlights the growing threat posed by social engineering attacks and ransomware-linked extortion groups. Even when sensitive financial data is not exposed, leaked personal information can still create significant risks for customers and employees.

Organizations are increasingly being urged to strengthen employee security awareness, implement multi-factor authentication, and closely monitor access to cloud-based business platforms to reduce the risk of similar attacks.
