Charter Communications (Spectrum) Data Breach Exposes Customer Records
Charter Communications, operating as Spectrum, confirmed a significant data breach after the ShinyHunters group claimed responsibility for leaking customer data. The breach, which originated from a social engineering attack in early April 2026, exposed personal information of millions of current and former customers. The leaked data includes full names, email addresses, physical addresses, phone numbers, account plan details, and support ticket information. While Charter disputes the scale and sensitivity of the data, ShinyHunters claims to have exfiltrated over 13 million records, with some reports suggesting up to 42 million records. The incident highlights the effectiveness of vishing attacks in compromising enterprise cloud infrastructure.
Signal context
First seen: Jun 1, 2026
Last updated: Jun 29, 2026
Status: Public signal
Key points
- Charter Communications (Spectrum) confirmed a data breach.
- ShinyHunters group claimed responsibility for the attack and data leak.
- The breach originated from a vishing (voice phishing) attack in early April 2026, compromising an employee's Microsoft Entra account.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Information
Likely country: Location not provided
Watch phishing, executive impersonation and account-takeover exposure.
- Source type: outside the affected organization
Impact area: Confidentiality
Likely asset: User or customer data, Server or cloud data store
- 32 signals in the same sector
- 97 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
Charter Communications Data Breach Affects 5 Million Customers - Veri Sızıntısıhttps://verisizintisi.com/en/blog/2026-06-01-charter-communications-data-breach-impacts-5-millionPublic source from verisizintisi.com.
Client advisory: Spectrum data breach raises risk of follow-on attacks | CFChttps://www.cfc.com/en-gb/knowledge/resources/advisories/2026/06/client-advisory-spectrum-data-breach-raises-risk-of-follow-on-attacks/Public source from cfc.com.
Charter Communications Data Breach Exposes 42 Million Records - Safestatehttps://www.safestate.com/post/charter-communications-data-breach-exposes-42-million-recordsPublic source from safestate.com.
Spectrum Class Action: 40 Million Records, One Vishing Call, and the CPNI Question Charter Now Faces | ComplianceHub.Wikihttps://compliancehub.wiki/spectrum-charter-data-breach-class-action-40-million/Public source from compliancehub.wiki.
Related signals
Grouped by why the signal is relevant.
French government messaging platform Tchap breached via compromised user account
DINUM, the French government's digital affairs directorate, warned that hackers breached Tchap, France's encrypted messaging platform for public sector workers, using a compromised user account. The incident was detected by ANSSI, after which the affected account was blocked and an investigation launched into what conversations and data may have been accessed. DINUM has notified France's data protection authority, CNIL, due to the potential exposure of personal data. A threat actor claimed responsibility, alleging they used social engineering to access an education-related account and scrape messages, account information, and files, including 13.5GB of data from the French tax authority and other civil servants.
Data Breach Hits Over 100 Dutch Hotels via Shared Booking Software
Hospecs, a Dutch hospitality services firm, confirmed a data breach affecting at least 100 Dutch hotels, with reports also coming from Belgium and Ireland. The breach exposed guests' contact details and reservation information, which criminals are using for phishing attacks.
KDDI Corporation Data Breach Exposes up to 14.2 Million Email Logins
Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained unauthorized access to one of its email systems. This system was also used by five other internet service providers (ISPs) in Japan. The company discovered the compromise on June 17, 2026, and responded by blocking the attacker and implementing defensive measures. The investigation determined that hackers exploited a vulnerability in unnamed third-party software. Up to 14.2 million email addresses and passwords, including those of current, former, and inactive customers, may have been exposed. Some passwords were stored in hashed and/or encrypted form, but the company did not specify the encryption type or the percentage of plaintext passwords. KDDI has reported the incident to Japanese privacy and telecommunications regulators. The breach impacts KDDI Corporation and its partner ISPs.
Polymarket Suffers $3 Million Crypto Drain via Third-Party Vendor Compromise
Prediction market platform Polymarket disclosed a breach where hackers compromised a third-party vendor. The attackers injected malicious code into the Polymarket website for some users, leading to the draining of approximately $3 million in pUSD (USDC-backed) from at least 11 user wallets. The stolen funds were subsequently swapped and moved to Ethereum. Polymarket has contained the incident, committed to full refunds for affected users, and is in the process of notifying victims. This incident highlights supply-chain vulnerabilities in web frontends and crypto platforms.
BIGLOBE Inc. Affected by KDDI Corporation Data Breach
BIGLOBE Inc., a Japanese internet service provider, was impacted by a data breach originating from an email system provided by KDDI Corporation. Threat actors gained unauthorized access to this shared system by exploiting a vulnerability in third-party software. This led to the potential exposure of up to 14.2 million email addresses and passwords across all affected ISPs. BIGLOBE Inc. customers' email addresses and passwords may have been compromised.
JCOM Co., Ltd. Affected by KDDI Corporation Data Breach
JCOM Co., Ltd., a Japanese internet service provider, was impacted by a data breach originating from an email system provided by KDDI Corporation. Threat actors gained unauthorized access to this shared system by exploiting a vulnerability in third-party software. This led to the potential exposure of up to 14.2 million email addresses and passwords across all affected ISPs. JCOM customers' email addresses and passwords may have been compromised.