Charter Communications had data on approximately 4.9 million accounts exposed after the ShinyHunters group threatened extortion and subsequently published the stolen data.
What happened
According to HIBP, in May 2026 the ShinyHunters threat group targeted Charter Communications — the parent company of the consumer broadband and cable brand Spectrum — in a "pay or leak" extortion campaign. When Charter did not comply, the group published the stolen data publicly. Charter confirmed the incident took place.
What was exposed
As reported by HIBP, the published data contained roughly 4.9 million unique email addresses along with names, phone numbers, and physical addresses. A smaller subset of about 85,000 records, believed to originate from an internal employee directory, also included job titles. Charter stated that no sensitive personal information or customer proprietary network information (CPNI) was exfiltrated.
Who is affected
Approximately 4.85 million individuals are affected, primarily Spectrum customers and a smaller number of Charter employees whose records appeared in an internal directory.
What to do now
- Watch for phishing emails or phone calls that reference your name or address, as attackers may use the exposed data to craft convincing scams.
- Be cautious of unsolicited texts or calls claiming to be from Spectrum or Charter.
- Consider placing a fraud alert with the major credit bureaus if you are concerned about identity theft, even though financial data was not reported as exposed.
- Review your Charter/Spectrum account for any unauthorized changes and ensure your account password is unique and strong.