Charter Communications confirmed a data breach this weekend after ShinyHunters listed the telecom on its extortion site, claiming it will release 40 million customer records unless a ransom is paid by May 27.
The attack vector is specific. ShinyHunters told BleepingComputer it breached Charter on April 1 through a voice phishing call that compromised an employee’s Microsoft Entra account. From there, the group exported records from Charter’s Salesforce instance, allegedly capturing customer names, addresses, phone numbers, plan information, and some CPNI data. Charter, which serves tens of millions through its Spectrum brand, denies it all. The company’s statement: no sensitive PI or CPNI “was exfiltrated by the threat actor.”
That’s a direct contradiction. ShinyHunters claims CPNI was taken; Charter says it wasn’t. CPNI is federally protected call-and-usage data, meaning Charter’s denial isn’t just PR — it’s a legal threshold set by FCC regulation.
The comparable here is Instructure. ShinyHunters hit the Canvas parent with the same extortion playbook weeks ago, stealing 3.65TB of data from 275 million users. Instructure reached an “agreement” with the group, with the ransom amount undisclosed. Charter’s choice now: pay and get shred logs, or hold the line and watch 40 million records land on a leak site.
Don’t pay, and Charter spends months in FCC inquiries and breach notifications. Pay, and you’ve just set the price for every telco on ShinyHunters’ list.
The May 27 deadline expires tomorrow.
Diana Kowalski