Charter Confirms Cyber Incident as ShinyHunters Threatens Leak of 42 Million Customer Records

TL;DR: Charter Communications acknowledged a cyber incident after ShinyHunters claimed theft of over 42 million customer records and threatened to leak them unless extortion talks start by May 27, 2026.

Charter, one of the largest U.S. telecommunications providers operating under the Spectrum brand, said it is investigating the claim, following internal security protocols, and has alerted authorities. The company stated that no sensitive personal information or customer proprietary network information (CPNI) was exfiltrated, though it did not disclose how attackers may have accessed its systems.

ShinyHunters posted on its leak site this week, asserting that Charter failed to meet extortion demands and warning that the alleged data will be released if negotiations do not begin before May 27, 2026. The group claims the breach exposed “over 42M records containing PII,” referring to personally identifiable information such as names, addresses, and contact details. Independent verification of the data’s nature or volume has not been published.

The incident fits a broader pattern where ShinyHunters targets Salesforce and other cloud environments, often stealing credentials or authentication tokens from poorly secured integrations (MITRE ATT&CK T1078.003, T1552.004). Researchers note the group has recently claimed hundreds of compromises in a cloud‑focused campaign affecting SaaS platforms and outsourcing providers.

For defenders, the event underscores the need to secure cloud‑based identity stores and monitor for anomalous API activity. Recommended steps include: enforcing multi‑factor authentication on all cloud service accounts, reviewing and rotating any exposed credentials or tokens, applying the latest patches for Salesforce and related connectors (check vendor advisories for CVE‑2024‑XXXX equivalents), and enabling logging of privileged API calls with alerts for unusual data export volumes. Implementing network segmentation between corporate and customer‑facing systems can also limit lateral movement.

Watch for any official confirmation from Charter regarding the scope of the leak, potential regulatory filings, and whether ShinyHunters follows through on its May 27, 2026 deadline.