The notorious ShinyHunters extortion group has published data allegedly stolen from the telecoms services provider Charter Communications.
ShinyHunters is known for engaging in voice phishing attacks to gain access to victim organizations’ networks and rapidly exfiltrate data that it then threatens to leak online unless a ransom is paid.
The group lists its victims on a Tor-based leak site, and the data it claims to have been stolen from Charter was made available for download on that portal on Thursday, which suggests that the company did not pay a ransom to prevent its publication.
According to ShinyHunters’ post, the stolen data includes over 42 million customer records, along with customer proprietary network information (CPNI).
The number of potentially affected individuals, however, appears to be only 4.9 million, data breach notification website HaveIBeenPwned says.
Its analysis of the data revealed 4.9 million unique email addresses, along with names, addresses, and phone numbers. The data contains 85,000 records associated with employee accounts, each of which includes a job title.
Over the past year, ShinyHunters has claimed numerous high-profile data breaches, mainly involving Salesforce customers. Some of these include Canvas, CarGurus, Carnival, Panera Bread, 7-Eleven, and Grafana.
One of the largest broadband providers in the US, Charter has over 30 million residential and business customers.
“We are aware of the situation, following our security protocols, and are working with appropriate authorities. Only sales tools used to manage current, past, and prospective business customers were impacted; no CPNI or sensitive PI was released by the threat actor,” a Charter spokesperson said, responding to a SecurityWeek inquiry.
Related: Oncology Institute Discloses Data Breach
Related: 266,000 Affected by Data Breach at Radiology Associates of Richmond
Related: DocketWise Data Breach Impacts 143,000
Related:American Lending Center Data Breach Affects 123,000 Individuals
