What Happened
In the corporate.charter.com data breach disclosed in late May 2026, U.S. telecom provider Charter Communications (Spectrum) was compromised around April 1, 2026, when the ShinyHunters group claims it used a voice‑phishing (vishing) attack to hijack an employee’s Microsoft Entra account and access Charter’s Salesforce systems. According to ShinyHunters and subsequent analyses, the attackers stole tens of millions of records from corporate/sales systems, with independent estimates ranging from about 4.9 million affected accounts to as many as 40 million customer records, though counts differ by source and may include duplicates. The exposed data consisted mainly of contact and account‑related business information—including names, email addresses (often corporate), physical/home and company addresses, phone numbers, plan information, and support ticket data, plus some job titles and limited internal employee directory details—rather than highly sensitive financial data. Charter has confirmed the incident but maintains that no sensitive personal information or customer proprietary network information (CPNI) was exfiltrated and that the impact was limited to sales tools for current, past, and prospective business customers, while ShinyHunters asserts that a broader set of telecom account data was taken and later leaked after Charter allegedly refused to pay ransom.
