Panera Bread data breach much more serious than we thought - over 5 million customers were hit, new reports claim

News
By published

Panera Bread customer data leaked on the dark web

Zero-day attack
(Image credit: Shutterstock) (Image credit: Shutterstock.com)
  • ShinyHunters breached Panera Bread, stealing 14 million records of customer data
  • Actual impact closer to 5.1 million users, with unique emails, names, phone numbers, and addresses exposed
  • Attack tied to Microsoft Entra SSO compromise, part of broader vishing campaign targeting Okta, Microsoft, and Google SSO

The recent cyberattack against Panera Bread, which saw sensitive customer data stolen, is now thought to have affected many more users than first thought

When ShinyHunters broke into Panera Bread, they stole 14 million customer records, not data on 14 million customers - but Have I Been Pwned? researchers now believe the number of people actually affected is closer to 5.1 million, after analyzing the type of information leaked on the dark web.

"In January 2026, Panera Bread suffered a data breach that exposed 14M records," Have I Been Pwned? explained. "After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses."

Abusing Entra SSO

The culprits behind the attack are the infamous ransomware group ShinyHunters, which added Panera Bread to its data leak site, claiming to have grabbed 760MB of compressed data that included people’s names, addresses, postal addresses and phone numbers.

shinyHunters said they broke into Panera via Microsoft Entra single sign-on (SSO). If that is true, then this incident is likely tied to Okta’s warning from recent times, when the company said it saw cybercriminals targeting Okta, Microsoft, and Google SSO codes through a sophisticated voice phishing campaign.

Panera Bread has also officially confirmed falling prey to the attackers.

ShinyHunters is one of the most active ransomware groups at this time, and one of the first which has stopped using an encryptor entirely. Instead of encrypting victim systems, it simply exfiltrates data and demands payment for them. It is easier and cheaper to execute yet pays equally well.

Via BleepingComputer

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.