Charter Communications (Spectrum) Confirms Data Breach After ShinyHunters Threat
Charter Communications, operating as Spectrum, confirmed a data breach on May 26, 2026, after the ShinyHunters group threatened to leak stolen data. The breach, believed to have originated from a vishing attack compromising an employee's Microsoft Entra account, exposed approximately 4.9 million customer records, including names, email addresses, phone numbers, physical addresses, and job titles. ShinyHunters claimed to have stolen over 13 million customer records.
Signal context
First seen: May 26, 2026
Last updated: Jun 29, 2026
Status: Public signal
Key points
- Data breach confirmed on May 26, 2026.
- Threat actor: ShinyHunters.
- Origin: Vishing attack compromising an employee's Microsoft Entra account.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Information
Likely country: 🇨🇭 Switzerland
inferred from source domains
The feed marks multiple actor roles. Treat this as a review signal rather than a final attribution.
- Source type: outside the affected organization
- Source type: possible insider or internal misuse
Impact area: Confidentiality
Likely asset: User or customer data
- 26 signals in the same sector
- 90 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
Charter confirms data breach after ShinyHunters extortion threat - Bleeping Computerhttps://www.bleepingcomputer.com/news/security/charter-confirms-data-breach-after-shinyhunters-extortion-threat/Public source from bleepingcomputer.com.
ShinyHunters extorts Charter Communications after data breach | brief | SC Mediahttps://www.scmagazine.com/brief/shinyhunters-extorts-charter-communications-after-data-breachPublic source from scmagazine.com.
ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customershttps://securityaffairs.com/192907/uncategorized/shinyhunters-leaks-charter-communications-data-potentially-impacting-5-million-customers.htmlPublic source from securityaffairs.com.
Cyber Daily News for May 31, 2026https://www.youtube.com/watch?v=dQw4w9WgXcQPublic source from youtube.com.
Charter Communications Breach: ShinyHunters Uses Vishing to Compromise Microsoft Entra and Exfiltrate Salesforce CRM Data for 4.9 Million Accountshttps://techjackssolutions.com/weekly-security-intelligence-briefing-essential-guide-2026/Public source from techjackssolutions.com.
Data Breach Roundup (May 22 - 28, 2026)https://www.privacyguides.org/news/2026/05/29/data-breach-roundup-may-22-28-2026/Public source from privacyguides.org.
Biggest Cyber Attacks, Data Breaches, Ransomware Attacks of May 2026https://www.cybermanagementalliance.com/biggest-cyber-attacks-data-breaches-ransomware-attacks-may-2026/Public source from cybermanagementalliance.com.
Biggest Cyber Attacks, Data Breaches, Ransomware Attacks of May 2026https://www.cm-alliance.com/cybersecurity-blog/biggest-cyber-attacks-data-breaches-ransomware-attacks-of-may-2026Public source from cm-alliance.com.
List of Recent Data Breaches in 2026 - Bright Defensehttps://www.brightdefense.com/resources/recent-data-breaches/Public source from brightdefense.com.
Cybersecurity Week in Review: May 26, 2026 – June 1, 2026 - Senthorus Bloghttps://blog.senthorus.ch/posts/02_06_2026/?utm_source=feedlyPublic source from blog.senthorus.ch.
2026 Data Breaches: Cybersecurity Incidents Explained - PKWAREhttps://www.pkware.com/blog/2026-data-breachesPublic source from pkware.com.
Cybersecurity Week in Review: May 26, 2026 – June 1, 2026 - Senthorus Bloghttps://senthorus.com/blog/cybersecurity-week-in-review-may-26-2026-june-1-2026/Public source from senthorus.com.
Related signals
Grouped by why the signal is relevant.
Jeveuxaider.gouv.fr Data Leak Affects 550,000 Accounts
The French government announced on June 16, 2026, that its volunteering platform, Jeveuxaider.gouv.fr, had been a victim of a personal data leak. Approximately 550,000 user accounts were affected by the incident.
Dutch hospitals restore digital access after cyberattack on ChipSoft
On June 12, 2026, reports indicated that Dutch hospitals were restoring digital access following a cyberattack on ChipSoft, a major healthcare software provider. The attack had previously caused patient files to become inaccessible at multiple locations, leading fifteen hospitals to preventively block all electronic patient information. This measure forced doctors to revert to paper records and oral transfers. While the incident was not a data leak in the traditional sense, it was a significant attack on the health infrastructure of the Netherlands, carried out through a single supplier serving numerous hospitals.
NIFTY Corporation Affected by KDDI Corporation Data Breach
NIFTY Corporation, a Japanese internet service provider, was impacted by a data breach originating from an email system provided by KDDI Corporation. Threat actors gained unauthorized access to this shared system by exploiting a vulnerability in third-party software. This led to the potential exposure of up to 14.2 million email addresses and passwords across all affected ISPs. NIFTY Corporation customers' email addresses and passwords may have been compromised.
BIGLOBE Inc. Affected by KDDI Corporation Data Breach
BIGLOBE Inc., a Japanese internet service provider, was impacted by a data breach originating from an email system provided by KDDI Corporation. Threat actors gained unauthorized access to this shared system by exploiting a vulnerability in third-party software. This led to the potential exposure of up to 14.2 million email addresses and passwords across all affected ISPs. BIGLOBE Inc. customers' email addresses and passwords may have been compromised.
STNet, Inc. Affected by KDDI Corporation Data Breach
STNet, Inc., a Japanese internet service provider, was impacted by a data breach originating from an email system provided by KDDI Corporation. Threat actors gained unauthorized access to this shared system by exploiting a vulnerability in third-party software. This led to the potential exposure of up to 14.2 million email addresses and passwords across all affected ISPs. STNet customers' email addresses and passwords may have been compromised.
KDDI Web Communications Customer Data Affected by KDDI Email System Breach
KDDI Web Communications, a subsidiary of KDDI, was impacted by the data breach in KDDI Corporation's email system, disclosed on June 28, 2026. The incident, caused by a third-party software vulnerability, led to the potential exposure of up to 14.2 million email addresses and passwords belonging to customers across six Japanese ISPs, including KDDI Web Communications.