Key facts
- Charter Communications confirmed a cybersecurity incident impacting sales tools for business customers.
- Ransomware group ShinyHunters claims to have stolen millions of customer records.
- The hackers claim a voice phishing (vishing) attack was used to gain access.
- Charter denies that sensitive personal information or private telecom account data was released.
- Customers are advised to be cautious of potential follow-on scams using exposed contact details.
Charter Communications, a major US broadband and cable provider serving over 32 million customers, has confirmed a cybersecurity incident. The ransomware group ShinyHunters listed Charter on its data leak site, claiming to have stolen millions of customer records. Charter stated that the incident primarily affected sales tools used for current, past, and prospective business customers, and that sensitive personal information or private telecom account data was not released by the threat actor. However, ShinyHunters claims the attack, which occurred on April 1, 2026, involved a voice phishing (vishing) scam. The group alleges they obtained access to a Microsoft Entra account belonging to an employee, which then allowed them to access Charter's Salesforce system. The stolen data purportedly includes customer names, email addresses, home addresses, phone numbers, plan information, and support ticket data. Due to this discrepancy between Charter's statement and the hackers' claims, customers are being advised to remain alert for potential scams. Exposed contact details could be used by scammers to create more believable fake messages, impersonating Charter or Spectrum representatives to solicit account verification, warn of service disconnections, or request payment information. The incident highlights the growing threat of phone-based attacks and the need for companies to enhance employee training, access controls, and security for cloud-based tools like Microsoft Entra and Salesforce. Customers are urged to be cautious of unexpected calls, texts, or emails, avoid clicking suspicious links, never share one-time login codes, change their passwords, and verify any suspicious account activity directly through official channels.