ShinyHunters Exposes 4.9 M Charter Communications Customer Records in Pay‑Or‑Leak Attack
What Happened – In May 2026, the hacking group ShinyHunters threatened Charter Communications with a “pay‑or‑leak” extortion campaign. After the ransom deadline passed, the group published a data set containing roughly 4.9 million unique email addresses, names, phone numbers, physical addresses, and, for about 85 k records, internal job titles. Charter confirmed the breach but said no sensitive personal information or Customer Proprietary Network Information (CPNI) was taken.
Why It Matters for TPRM –
- Large‑scale exposure of personally identifiable information (PII) raises credential‑reuse risk across downstream vendors.
- Telecom providers are often critical third‑party services; a breach can affect downstream business continuity and regulatory compliance.
- The “pay‑or‑leak” model signals a growing extortion trend that may target other service providers in the supply chain.
Who Is Affected – Telecommunications (broadband and cable) customers; downstream enterprises that rely on Charter’s network services for connectivity.
Recommended Actions –
- Verify that any Charter‑provided services in your environment are still secure and that no compromised credentials are in use.
- Enforce password rotation and enable MFA for all accounts that use Charter‑issued credentials or email addresses.
- Review contractual security clauses with Charter and assess breach‑notification obligations.
Technical Notes – The breach appears to stem from credential compromise and extortion rather than a disclosed software vulnerability. Exfiltrated data includes email addresses, names, phone numbers, physical addresses, and a subset of employee job titles. No CVE or specific malware was reported. Source: https://haveibeenpwned.com/Breach/Charter