Panera Bread data breach affects over 5 million customers

Hackers release a 760 MB archive containing customer names, addresses, and phone numbers after extortion attempt fails

Millions of Panera customer records posted online | ©Image Credit: Wikimedia Commons / Mike Mozart

Panera Bread is dealing with a large customer data leak after hackers released millions of records online when an extortion attempt failed.

The hacking group ShinyHunters claimed responsibility, saying it pulled roughly 14 million records from Panera’s systems. So far, about 5.1 million unique email addresses tied to the company’s customers have shown up in the leaked data, according to breach-tracking site Have I Been Pwned.

The files were posted in late January 2026 on a Tor-based leak site run by the hacking group, packaged in a roughly 760 MB archive. Aside from email addresses, the data includes customer names, phone numbers, and physical addresses.

Panera has confirmed the breach but has not shared many details beyond that. In a statement to Reuters, the company said hackers accessed customer contact information. It has not said when the intrusion began or how long the attackers had access.

This was not a case of hackers exploiting a software bug

According to threat intelligence from Google’s Mandiant team, which is tracking the broader ShinyHunters campaign, and consistent with the group’s own claims, the attackers gained access by impersonating employees over the phone and convincing someone to hand over single sign-on authentication codes. That gave them access to Panera’s cloud-based systems, including internal software tied to Microsoft’s identity and access management service, Entra.

Once inside, ShinyHunters attempted to extort the company, though specific details of the ransom demand have not been disclosed. When the extortion attempt failed, the hackers published approximately 760 megabytes of stolen customer data on a Tor-based leak site.

The same group has used similar tactics in recent weeks against other companies. Betterment, Crunchbase, and SoundCloud have all confirmed breaches linked to ShinyHunters.

Security analysts say the scale of the Panera leak matters even if the stolen data looks basic.

Millions of exposed email addresses and phone numbers tend to resurface in phishing attempts long after the original breach fades from view. Messages that appear unrelated to Panera may trace back to this dump months from now.

Panera has not said whether affected customers will be notified directly.

For now, the data is out. And once it’s posted, there’s no putting it back.

Sources: SecurityWeek, Reuters, HIBP