Spectrum Faces Class Action Over Data Breach That Exposed 40 Million Customer Records

Charter Communications Faces Federal Lawsuit Over Massive Security Failure

Mariah Kent filed a class action lawsuit against Charter Communications Inc., operating as Spectrum, in Connecticut federal court on June 1. The plaintiff accuses the telecommunications giant of failing to properly secure and safeguard the personally identifiable information of both Spectrum customers and employees. Kent alleges violations of multiple state and federal consumer protection laws, claiming the company failed to comply with industry standards for protecting information systems that contain or transfer sensitive personal data. The compromised information allegedly includes full names, email addresses, physical addresses, telephone numbers, account plan information, and customer support ticket details.

The complaint centers on a data breach that allegedly exposed more than 40 million customer records to unauthorized access. According to the lawsuit, the attack began around April 1, 2026, when the ShinyHunters group allegedly used a voice phishing scam to obtain an employee’s Microsoft Entra login credentials. The hackers then gained access to the company’s Salesforce environment, where vast amounts of customer data resided. Kent demands a jury trial and requests declaratory and injunctive relief, along with an award of damages for herself and all class members who had their personal information accessed or acquired by unauthorized parties.

Cybersecurity Failures at the Heart of Legal Claims

The class action lawsuit directly targets Charter Communications’ alleged failure to maintain reasonable cybersecurity measures. The complaint specifically highlights inadequate employee training programs to recognize and resist social engineering attacks. Social engineering attacks represent a common vector for data breaches, exploiting human vulnerabilities rather than technical system weaknesses. Kent claims that proper training and safeguards could have prevented the initial compromise of employee credentials that gave hackers their entry point into Spectrum’s systems.

The lawsuit alleges that more than 40 million customer records suffered compromise as a result of the breach. The compromised data includes certain customer proprietary network information, such as service usage patterns and call history data, which telecommunications companies have legal obligations to protect under federal regulations. Kent seeks to represent anyone residing in the United States and its territories whose personally identifiable information was accessed or acquired by unauthorized parties as a result of the Spectrum data breach. This broad class definition could potentially encompass millions of affected customers across the country.

Separate Pricing Dispute Adds to Spectrum’s Legal Troubles

Meanwhile, Spectrum faces additional allegations unrelated to the data breach concerning its pricing practices. The company allegedly promised customers fixed monthly rates for internet and TV services during promotional periods lasting one or two years. Customers claim Spectrum increased those prices before the promotional terms ended, violating the terms of their agreements. Current or former Spectrum residential internet or TV customers who experienced unexpected price increases may be able to pursue compensation for these alleged contract violations through separate legal channels.

Minnesota Epilepsy Group Announces Separate Healthcare Data Breach

Wolf Haldenstein Adler Freeman & Herz LLP, a national consumer rights law firm, announced on June 13, 2026, that it is investigating claims on behalf of people impacted by a Minnesota Epilepsy Group data breach. MEG, headquartered in Roseville, Minnesota, announced that personal information of individuals may have been stolen as part of a data breach that occurred in March 2026. The healthcare provider is notifying affected people that stolen data may include names, addresses, dates of birth, Social Security numbers, details about medical treatment, and health insurance information.

The law firm warned that individuals who received recent notice of the data breach and have experienced concerning activity should consider that their personal information may now be offered for sale on the dark web. Healthcare data breaches present particularly serious risks because medical information remains valuable and permanent, unlike credit card numbers that can be changed. Wolf Haldenstein has experience prosecuting consumer rights litigation in state and federal trial and appellate courts across the country, with attorneys in various practice areas and offices in New York, Chicago, Nashville, and San Diego.

Lansing Community College Suffers Second Breach in Four Years

More than 170,000 people had their information compromised when hackers gained access to Lansing Community College’s systems, Security Week reported this week. In February 2025, LCC discovered that hackers stole information including names, addresses, driver’s license details, and Social Security numbers. An LCC spokesperson declined to comment when reached, stating the college is contacting those impacted directly. This represents the second large data breach in four years at LCC, as information theft has become more common nationally.

Rachel McNealey, an assistant professor of criminal justice at Michigan State University who researches cybercrimes, explained that hackers commonly target large corporations known to possess masses of sensitive data. Breaches at smaller institutions like LCC are often opportunistic, occurring for many different reasons ranging from unsecure passwords to outdated software to employee information leaks. McNealey noted that only LCC truly knows what measures it can implement to prevent similar incidents from happening again.

Stolen Data Fuels Sophisticated Scam Operations

People who steal information often sell it in bulk to others who use the data to carry out scams, McNealey explained. Stolen information can enable harmful actions such as applying for loans in other people’s names. Those whose information suffers compromise can prevent identity theft by taking advantage of free credit monitoring programs, which LCC is offering to those impacted by the recent breach, or by temporarily freezing their credit. These protective measures create barriers that prevent criminals from opening new accounts or obtaining credit in victims’ names.

More commonly, cybercriminals collect personal information to build detailed profiles of individuals, which they then use to carry out phishing attacks and other scams, McNealey said. People whose information was recently compromised should exercise special vigilance against such schemes. Phishing scams represent a common scheme where people receive seemingly legitimate texts or emails from well-known entities like government agencies or private companies. These messages often ask recipients to click on harmful links or make payments, exploiting the trust associated with familiar brands and institutions.

Previously, phishing schemes could often be easily identified because they contained obvious spelling errors, grammatical mistakes, or suspicious sender addresses. Modern phishing attempts have grown increasingly sophisticated, incorporating stolen personal information to make fraudulent communications appear more legitimate and personalized. Criminals use compromised data to reference accurate details about victims’ lives, making their deceptive messages far more convincing and dangerous. Security experts recommend that individuals verify any unexpected requests for personal information or payment by contacting organizations directly through official channels rather than responding to unsolicited messages.