ShinyHunters claims it has released data allegedly stolen from Charter Communications after negotiations with the telecommunications provider reportedly failed.
The threat actor updated its listing on May 28, alleging that the company declined to reach an agreement despite what it described as multiple opportunities to negotiate. The group continues to claim that more than 42 million records containing personally identifiable information were compromised during the incident.
BreachNews has not independently verified the authenticity of the alleged dataset or the number of records claimed by the threat actor.
The update marks the latest development in an incident BreachNews first reported on May 22, when ShinyHunters added Charter Communications, DentaQuest, and Baker Distributing to its extortion site and threatened to publish allegedly stolen data if negotiations failed.
Charter previously confirmed the incident
Days after appearing on the ShinyHunters leak site, Charter Communications confirmed it experienced unauthorized access linked to the activity claimed by the threat actor.
“We are aware of the situation, following our security protocols and are working with appropriate authorities,” a Charter spokesperson said in a statement provided to multiple media outlets.
The company disputed key aspects of ShinyHunters’ allegations, stating that no sensitive personal information or Customer Proprietary Network Information (CPNI) was exfiltrated as a result of the incident.
ShinyHunters has continued to challenge that assessment. The group alleges that it gained access through a voice phishing attack that compromised an employee account and ultimately provided access to Charter’s Salesforce environment.
According to the threat actor, the allegedly stolen information includes customer names, email addresses, phone numbers, physical addresses, service-related information, customer support records, and other account data. Charter has not publicly confirmed those claims.
Leak claim follows expiration of deadline
When Charter first appeared on the group’s leak site, ShinyHunters warned that data would allegedly be published if the company failed to engage before a stated deadline. The latest update suggests the threat actor has now moved forward with that threat.
In its May 28 post, ShinyHunters claimed Charter “failed to reach an agreement” and alleged that the dataset had been released after negotiations broke down.
At the time of publication, it remains unclear whether the material allegedly published represents the full dataset the group claims to possess or only a portion of the purportedly stolen information.
Part of a broader ShinyHunters campaign
The Charter claim is the latest development in an ongoing extortion campaign that has seen ShinyHunters target organizations across telecommunications, education, healthcare, technology, and other sectors.
Unlike traditional ransomware operations, the group frequently focuses on alleged data theft and public leak threats rather than encryption-based attacks. Victims are typically listed publicly, given a deadline to negotiate, and then face the possibility of data publication if an agreement is not reached.
BreachNews previously reported on Charter’s inclusion in a broader wave of claims that also included DentaQuest and Baker Distributing. While Charter subsequently acknowledged a security incident, DentaQuest and Baker Distributing had not issued public statements regarding the alleged breaches at the time of the most recent update.
Questions remain about the alleged dataset
Although ShinyHunters claims more than 42 million records were compromised, no independent verification has confirmed the scale of the alleged breach or the specific categories of information contained within the purported dataset.
Large record counts cited by threat actors can represent a mixture of customer accounts, support records, historical entries, duplicated records, or multiple databases combined into a single figure. Without independent validation, the true scope of the alleged exposure remains unclear.
If authentic, a dataset of this size could present significant risks for phishing campaigns, social engineering attacks, account takeover attempts, and other forms of fraud targeting affected customers.
Charter has not publicly commented on ShinyHunters’ latest claim that the alleged dataset was released following failed negotiations.
