Charter Communications data breach affects 4.9 million accounts

Charter Communications confirmed a data breach affecting 4.9 million customer accounts after the ShinyHunters extortion gang hacked its systems in early April. The attackers exploited a voice phishing attack targeting an employee’s Microsoft Entra account, gaining access to Charter’s Salesforce instance. ShinyHunters claimed to have stolen 42 million records, including names, email addresses, physical addresses, phone numbers, plan details, and support ticket data, though Charter stated no sensitive personal or customer proprietary network information (CPNI) was exfiltrated. The gang leaked the stolen data after Charter refused to pay the ransom, exposing 4.9 million unique email addresses along with names, phone numbers, and addresses. A smaller subset of 85,000 records from an internal employee directory also included job titles. Have I Been Pwned verified the breach’s scope, confirming the leaked data matched the reported figures. ShinyHunters has previously targeted Salesforce customers, claiming thefts of billions of records across hundreds of global companies. The FBI recently advised victims not to pay ransoms, warning that such payments do not guarantee data destruction or prevent further extortion attempts. Charter’s breach follows a 2023 wave of attacks by the Chinese state-backed group Salt Typhoon, which compromised multiple U.S. telecoms, including AT&T, Verizon, and Windstream. The company has notified authorities but declined to provide additional details about the incident’s full impact or whether CPNI data was compromised. The breach underscores ongoing risks in cybersecurity, particularly for large organizations relying on cloud-based customer relationship management systems like Salesforce.