ShinyHunters Leaks ~5 Million Charter Communications Customer Records After Extortion Refusal
What Happened – The cyber‑crime extortion group ShinyHunters published data it claims to have stolen from Charter Communications after the company declined to pay a ransom. The leak contains roughly 4.9 M unique customer records (email, name, phone, physical address) and about 85 k employee‑directory entries.
Why It Matters for TPRM –
- Exposure of personally identifiable information (PII) for millions of end‑users creates regulatory and reputational risk for any organization that relies on Charter’s network services.
- The breach originated from compromised sales‑related SaaS accounts, highlighting the supply‑chain risk of credential‑based attacks on third‑party providers.
- Ongoing investigations may reveal additional data sets or affect downstream vendors that integrate with Charter’s platforms.
Who Is Affected – Telecommunications (TELCO) customers, both residential and business; employees whose internal directory data was exposed.
Recommended Actions – Review contractual security clauses with Charter, verify that encryption and data‑loss‑prevention controls are in place, monitor for credential abuse on SaaS services (Salesforce, Okta, Microsoft 365), and consider alternative connectivity providers if risk remains elevated.
Technical Notes – Attack vector: voice‑phishing (vishing) to harvest credentials for SaaS platforms, leading to unauthorized access and data exfiltration. No specific CVE cited. Leaked data includes names, email addresses, phone numbers, physical addresses, and job titles. Source: SecurityAffairs