U.S. telecommunications giant Charter Communications has confirmed a cybersecurity breach after the ShinyHunters extortion group claimed it stole millions of customer records from the company’s systems.
The company acknowledged the incident after ShinyHunters added Charter to its dark web leak site and threatened to publicly release the allegedly stolen data if ransom demands were not met. According to the threat actors, the breach involved roughly 40 million customer records tied to consumer and business accounts.
Charter, which operates under the Spectrum brand and serves millions of internet, cable, and mobile customers across the United States, said it immediately launched an investigation after discovering unauthorized access. The company also stated it notified law enforcement and engaged external cybersecurity experts to assist with incident response efforts.
In a statement shared with multiple media outlets, Charter said its current investigation indicates there is no evidence that highly sensitive customer information or customer proprietary network information was exfiltrated during the breach. However, the company has not publicly disclosed exactly what categories of data may have been accessed.
ShinyHunters claimed the stolen dataset contains customer account information and internal corporate records. Security researchers caution that extortion groups sometimes exaggerate breach sizes to pressure victims into paying ransom demands, though portions of leaked samples are often legitimate.
The incident is the latest in a growing wave of attacks linked to ShinyHunters, a cybercrime group known for breaching cloud platforms, SaaS environments, and enterprise systems through phishing, social engineering, and credential theft campaigns. Researchers have tied the group to numerous high-profile breaches involving companies across finance, telecommunications, retail, education, and cybersecurity sectors.
Cybersecurity analysts believe many recent ShinyHunters attacks target Salesforce environments and connected cloud services. Several companies impacted in 2026 reportedly suffered breaches after attackers compromised employee accounts through voice phishing and single sign-on credential theft rather than exploiting software vulnerabilities directly.
The group has increasingly adopted “pay or leak” extortion tactics in which stolen data is published on dark web leak sites if negotiations fail. Similar incidents this year affected companies including 7-Eleven, ADT, Instructure, Betterment, and Pitney Bowes.
Charter has not confirmed whether customer notifications will be issued or how many individuals may ultimately be affected. The company also has not attributed the attack directly to ShinyHunters, despite the group publicly claiming responsibility.