Cyber·Monitoring
Shai-Hulud Supply-Chain Attack Trojanizes 19 PyPI Packages
PyPI repository (global online service)· Global4 Jun
5 reportsPROPCYCAS
MediumAI Refreshed
ClosedMedium impactAI Generated
Charter Communications Confirms Data Breach via ShinyHunters Extortion
Occurred 1 Apr 2026·Detected 26 May 2026·
🇺🇸 United States (Charter Communications nationwide operations)4 reportsEnded 28 May 2026
CyberCyberCasualty & Liability
Charter Communications, one of the largest US broadband providers, has confirmed a data breach after the ShinyHunters extortion group claimed to have stolen 40 million customer records via a vishing attack compromising a Microsoft Entra account. The threat actors accessed Charter's Salesforce instance and are demanding ransom to prevent data publication. Charter disputes the sensitivity of exfiltrated data, but the threat actor claims CPNI and customer support data were included.
AI-generated from linked source reports. See our correction policy.
Impact verdict
Medium impact. Charter Communications is one of the largest US broadband providers with tens of millions of customers; a confirmed breach of this scale creates plausible cyber liability and data breach notification cost exposure relevant to cyber insurance books. Loss pathway: cyber liability and data breach coverage for a named major US telecom. Evidence: Charter confirmed the breach; ShinyHunters claims 40 million records stolen including potential CPNI data, triggering regulatory notification obligations. Limit: Charter disputes sensitivity of exfiltrated data and no ransom payment or regulatory enforcement action is yet confirmed, limiting current loss visibility.
View assessment methodologyHow we grade what we know -- Known · Reported · Uncertain. Methodology →
Intelligence ledger
Each line expands in place to its underlying sourced claim.
Known5 lines
Charter Communications confirmed a data breach occurred▾
structured lineknown
No separate sourced-claim record is available for this line yet.
ShinyHunters listed Charter on their data leak site threatening to release stolen data▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Charter states no sensitive personal information or CPNI was exfiltrated▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Breach was reported to appropriate authorities▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Attack vector was a vishing campaign compromising a Microsoft Entra employee account▾
structured lineknown
No separate sourced-claim record is available for this line yet.
Reported4 lines
ShinyHunters claims 40 million consumer and business customer records were stolen▾
structured linereported
No separate sourced-claim record is available for this line yet.
Data allegedly stolen includes names, email addresses, phone numbers, plan information, and some CPNI▾
structured linereported
No separate sourced-claim record is available for this line yet.
Customer support ticket data allegedly also stolen▾
structured linereported
No separate sourced-claim record is available for this line yet.
Breach reportedly occurred on April 1 via Salesforce instance access▾
structured linereported
No separate sourced-claim record is available for this line yet.
Uncertain4 lines
Whether ransom was or will be paid▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
True scope and sensitivity of exfiltrated data remains disputed between Charter and threat actor▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Whether regulatory notification obligations have been or will be triggered under US state and federal law▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Potential cyber liability exposure and whether cyber insurance coverage applies▾
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Geographic Zone Matches
3 active matches
- TRIA Certified AreasRule-basedConfidence 100%
- Caribbean Hurricane ZoneRule-basedConfidence 100%
- Pacific Ring of FireRule-basedConfidence 100%
Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.
Affected countries
🇬🇧 United Kingdom🇺🇸 United States
Timeline
Corroboration4 Jun 2026, 19:28
Dental benefits administrator DentaQuest, part of Sun Life, has confirmed a cybersecurity breach in which ShinyHunters exfiltrated over 234 GB of data affecting 2.6 million accounts, including health insurance information, government-issued IDs, and personal data. The breach was publicly leaked after ransom negotiations reportedly failed. This incident has direct implications for cyber liability and data breach coverage underwriters given the scale of PII and health data exposure.
Source: BleepingComputer (Trade Media) · View source
Status Change2 Jun 2026, 13:05
Lifecycle changed
monitoring → closed
Closure2 Jun 2026, 13:05
Event Closed
auto_closed_monitoring_timeout
Corroboration28 May 2026, 12:24
Carnival Corporation, the world's largest cruise operator, has confirmed a data breach affecting nearly 6 million customers following a social engineering attack in April 2026 by the ShinyHunters extortion group. Stolen data includes names, dates of birth, email addresses, genders, and loyalty program details. The incident has clear cyber insurance implications given the scale of affected individuals, regulatory notification obligations, and the company's history of prior breaches.
Source: BleepingComputer (Trade Media) · View source
Status Change27 May 2026, 02:30
Status changed to monitoring
Auto-transitioned: no updates for 6 hours
active → monitoring
Status Change26 May 2026, 20:18
Lifecycle changed
developing → active
Status Change26 May 2026, 20:14
Status changed to developing
Auto-promoted: multiple sources
signal → developing
Corroboration26 May 2026, 20:14
Charter Communications has confirmed a data breach in which hackers are threatening to leak 42 million records. The incident represents a significant cyber liability exposure for a major US telecommunications provider. The scale of the breach raises questions about potential regulatory action, class action litigation, and cyber insurance claims.
Source: r/CyberAdvice (Social / Community) · View source
Initial Detection26 May 2026, 20:08
Initial Detection
Charter Communications, one of the largest US broadband providers, has confirmed a data breach after the ShinyHunters extortion group claimed to have stolen 40 million customer records via a vishing attack compromising a Microsoft Entra account. The threat actors accessed Charter's Salesforce instance and are demanding ransom to prevent data publication. Charter disputes the sensitivity of exfiltrated data, but the threat actor claims CPNI and customer support data were included.
ShinyHunters claimed to BleepingComputer that they breached Charter on April 1 through a voice phishing (vishing) attack that compromised an employee's Microsoft Entra account. The threat actors used this access to export millions of consumer and business customer records from the company's Salesforce instance.
Source: BleepingComputer (Trade Media) · View source
Lloyd's classifications
Tracking this kind of risk? Get an email when Cyber events escalate.
Get alerts