
Charter Communications Investigates Alleged ShinyHunters Breach of 42 Million Customer Records

Charter Communications says it is investigating a ShinyHunters allegation that over 42 million customer records were compromised, while the extortion group sets a May 27 2026 deadline for talks.

Peter Olaleru

Cybersecurity Editor


Charter Communications says it is investigating a claim by the ShinyHunters extortion group that it stole over 42 million customer records, while the group threatens to leak the data unless talks start by May 27 2026. The operator insists no sensitive PI or CPNI was taken, but has not disclosed how the intrusion occurred.

Context

Charter Communications, which operates the Spectrum brand, provides internet, mobile, TV and phone services to tens of millions of U.S. customers. On May 20 2026 the ShinyHunters group added Charter to its leak site, alleging that the company ignored extortion demands and warning that the stolen data would be published if negotiations do not begin by May 27 2026. The group says the breach exposed “over 42M records containing PII.”

Key Facts

- A Charter spokesperson confirmed that the company is investigating the incident and alerting authorities, and said that no sensitive personal information (PI) or customer proprietary network information (CPNI) was exfiltrated.
- ShinyHunters claims the stolen dataset includes names, addresses, email addresses and phone numbers tied to more than 42 million accounts.
- The threat actor posted the allegation on its leak site this week and set a deadline of May 27 2026 for talks to start.
- Charter has not disclosed the attack vector, whether any internal services were disrupted, or how many customers may actually be affected.
- The intrusion appears linked to a broader campaign targeting Salesforce environments and cloud‑based SaaS integrations, where ShinyHunters has previously harvested credentials and tokens.

What It Means

If the claim is accurate, the exposure of tens of millions of PII records could enable identity theft, credential stuffing and targeted phishing campaigns against Charter’s customers. Even though Charter says no PI or CPNI left the network, the lack of independent verification means defenders should treat the claim as credible until proven otherwise.

Organizations using Salesforce or similar cloud platforms should review their integration configurations, enforce least‑privilege access, and monitor for anomalous API calls that could indicate token abuse (MITRE ATT&CK T1078 – Valid Accounts, T1566 – Phishing, T1212 – Exploit Cloud Services).

Immediate steps include: rotating any service‑account credentials or OAuth tokens tied to Salesforce or other SaaS apps; enabling multi‑factor authentication for all administrative accounts; deploying detection rules for unusual data‑export volumes or login attempts from unfamiliar IP addresses; applying the latest patches for known vulnerabilities in integration middleware (e.g., CVE‑2023‑XXXX if applicable) and reviewing third‑party app permissions.
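One way to express the detection rules mentioned above (unusual data‑export volumes, activity from unfamiliar IP addresses) is sketched below as an added example; it is not from Charter, Salesforce or the original article. The event fields, the `svc-crm-sync` account name and the thresholds are assumptions, and the log events are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample events, not real logs. Field names, the account name and
# the thresholds are assumptions for this example, not a vendor schema.
EVENTS = [
    {"ts": "2026-05-01T09:10:00", "principal": "svc-crm-sync", "ip": "203.0.113.10", "rows": 1200},
    {"ts": "2026-05-02T09:05:00", "principal": "svc-crm-sync", "ip": "203.0.113.11", "rows": 1500},
    {"ts": "2026-05-03T09:20:00", "principal": "svc-crm-sync", "ip": "203.0.113.12", "rows": 1800},
    {"ts": "2026-05-12T02:05:00", "principal": "svc-crm-sync", "ip": "198.51.100.77", "rows": 40000},
    {"ts": "2026-05-12T02:30:00", "principal": "svc-crm-sync", "ip": "198.51.100.77", "rows": 55000},
    {"ts": "2026-05-12T09:15:00", "principal": "svc-crm-sync", "ip": "203.0.113.14", "rows": 1600},
]

def net24(ip):
    """Collapse an IPv4 address to its /24 so egress-pool churn is not flagged."""
    return ipaddress.ip_network(f"{ip}/24", strict=False)

def hourly_rows(events):
    """Sum rows returned per (principal, hour bucket)."""
    totals = defaultdict(int)
    for e in events:
        hour = datetime.fromisoformat(e["ts"]).replace(minute=0, second=0, microsecond=0)
        totals[(e["principal"], hour)] += e["rows"]
    return totals

def detect(events, cutoff, factor=5, floor=1000):
    """Learn per-principal baselines before `cutoff`, then flag later events."""
    cut = datetime.fromisoformat(cutoff)
    base = [e for e in events if datetime.fromisoformat(e["ts"]) < cut]
    live = [e for e in events if datetime.fromisoformat(e["ts"]) >= cut]
    known, volumes = defaultdict(set), defaultdict(list)
    for e in base:
        known[e["principal"]].add(net24(e["ip"]))
    for (who, _), rows in hourly_rows(base).items():
        volumes[who].append(rows)
    alerts, seen = [], set()
    for e in live:  # source network never seen for this principal in the baseline
        key = (e["principal"], e["ip"])
        if net24(e["ip"]) not in known[key[0]] and key not in seen:
            seen.add(key)
            alerts.append(("unfamiliar_ip", *key))
    for (who, hour), rows in sorted(hourly_rows(live).items()):
        # hourly export above factor x the baseline median (or the floor)
        limit = max(floor, factor * median(volumes[who])) if volumes[who] else floor
        if rows > limit:
            alerts.append(("export_volume", who, hour.isoformat()))
    return alerts
```

Calling `detect(EVENTS, "2026-05-10T00:00:00")` treats everything before the cutoff as baseline; a principal with no baseline at all has every source address flagged, which is usually worth a look for a newly authorized integration.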

Charter’s next move will be to provide a detailed technical update and clarify whether customer notifications are required under state data‑breach laws. Watch for any official statement from the company or law‑enforcement confirmation of the alleged data size.
