Charter Communications (Spectrum) Data Breach by ShinyHunters
Charter Communications confirmed a data breach affecting Spectrum customers after the ShinyHunters group threatened to leak stolen data. The breach, which occurred around April 1, 2026, involved a vishing attack that compromised an employee's Microsoft Entra account, granting access to Salesforce data. Initially, Charter stated no sensitive personal information or CPNI was exfiltrated, but later breach monitoring indicated the exposed dataset affected approximately 4.9 million accounts, with some researchers reporting up to 13 million individuals and nearly 10 million customer-support records. Exposed data included names, email addresses, phone numbers, physical addresses, job titles, and customer support ticket information. Multiple federal lawsuits have since been filed against Charter for failing to protect customer data.
Signal context
First seen: May 26, 2026
Last updated: Jun 26, 2026
Status: Public signal
Key points
- Disclosed on May 26, 2026.
- Attributed to ShinyHunters group.
- Initial breach occurred around April 1, 2026, via vishing attack on an employee's Microsoft Entra account.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Information
Likely country: Location not provided
The feed marks multiple actor roles. Treat this as a review signal rather than a final attribution.
- Source type: outside the affected organization
- Source type: possible insider or internal misuse
Impact area: Confidentiality
Likely asset: User or customer data
- 29 signals in the same sector
- 93 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
Charter confirms data breach after ShinyHunters extortion threat - Bleeping Computerhttps://www.bleepingcomputer.com/news/security/charter-confirms-data-breach-after-shinyhunters-extortion-threat/Public source from bleepingcomputer.com.
ShinyHunters extorts Charter Communications after data breach | brief | SC Mediahttps://www.scmagazine.com/brief/shinyhunters-extorts-charter-communications-after-data-breachPublic source from scmagazine.com.
ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customershttps://securityaffairs.com/192907/uncategorized/shinyhunters-leaks-charter-communications-data-potentially-impacting-5-million-customers.htmlPublic source from securityaffairs.com.
Cyber Daily News for May 31, 2026https://www.youtube.com/watch?v=dQw4w9WgXcQPublic source from youtube.com.
Charter Communications Breach: ShinyHunters Uses Vishing to Compromise Microsoft Entra and Exfiltrate Salesforce CRM Data for 4.9 Million Accountshttps://techjackssolutions.com/weekly-security-intelligence-briefing-essential-guide-2026/Public source from techjackssolutions.com.
Data Breach Roundup (May 22 - 28, 2026)https://www.privacyguides.org/news/2026/05/29/data-breach-roundup-may-22-28-2026/Public source from privacyguides.org.
Biggest Cyber Attacks, Data Breaches, Ransomware Attacks of May 2026https://www.cybermanagementalliance.com/biggest-cyber-attacks-data-breaches-ransomware-attacks-may-2026/Public source from cybermanagementalliance.com.
Biggest Cyber Attacks, Data Breaches, Ransomware Attacks of May 2026https://www.cm-alliance.com/cybersecurity-blog/biggest-cyber-attacks-data-breaches-ransomware-attacks-of-may-2026Public source from cm-alliance.com.
Related signals
Grouped by why the signal is relevant.
Dutch civil servants from Authority for Consumers and Markets (ACM) affected by Microsoft data leak
Names of civil servants from the Authority for Consumers and Markets (ACM), involved in implementing the Digital Services Act (DSA), were reportedly shared by Microsoft with the U.S. House of Representatives without redaction.
Vodafone Source Code Leak
Vodafone, a major international telecom, sustained a source code leak claimed by the Lapsus$ extortion group on May 18, 2026. The company confirmed limited access to GitHub files through compromised third-party development software, but stated that customer data and core network infrastructure were not affected.
AgelessRx Data Breach Exposes Patient Health Information
AgelessRx, a telehealth platform specializing in longevity and anti-aging treatments, disclosed a data breach. An unauthorized actor gained access to certain help-desk tickets within the company's system between April 17 and April 22, 2026. The breach exposed sensitive patient health information, including names, dates of birth, health diagnoses or conditions, medications, and prescription details. The incident was reported to attorneys general on June 24, 2026, and notification letters to affected individuals began on June 23, 2026.
Klue Data Breach Leads to Salesforce Customer Data Exposure
Market intelligence platform Klue experienced a data breach, uncovered on June 12, 2026, where attackers stole OAuth tokens used to access customer data from Salesforce. The Icarus group claimed responsibility, leaking business contacts, sales notes, and pricing details from multiple victims. The incident was widely reported on June 24, 2026.
Snyk Affected by Klue Supply Chain Data Breach
Developer security platform Snyk was impacted by the Klue supply chain attack, which led to unauthorized access to customer data within Salesforce environments. The attack leveraged compromised OAuth tokens from the Klue platform.
Insurity Customer Data Exposed in Klue Supply Chain Attack
Insurity, a leading provider of cloud-based software for insurance carriers, was impacted by the Klue supply chain attack. The incident involved unauthorized access to customer data within Salesforce environments, due to compromised OAuth tokens from the Klue platform.