Charter Communications experienced a data breach affecting 4.9 million accounts, with personal information stolen by the ShinyHunters extortion gang through a voice phishing attack that compromised an employee's account. While Charter confirmed the breach, it stated that no sensitive personal information was exfiltrated, despite the attackers claiming to have accessed extensive customer data.
The Charter Communications data breach highlights the critical need for robust identity management and access controls, particularly against voice phishing (vishing) attacks. Implementing measures such as disabling legacy authentication, using hardware-based FIDO2 MFA, and ensuring that employees do not have direct access to sensitive account credentials could mitigate similar breaches. This incident underscores the importance of proactive security measures to protect against social engineering threats.