
In January 2026, Panera Bread suffered a data breach that exposed 14 million customer records, including the unique email addresses of 5.1 million accounts.
After the bakery-café chain refused to comply with an extortion demand, the threat group known as ShinyHunters published the stolen data on the dark web.
The breach, which was added to the Have I Been Pwned (HIBP) database on January 31, 2026, includes over 5.1 million unique email addresses. The leaked information also includes full names, phone numbers, and physical addresses, all of which are classified as personally identifiable information (PII). According to HIBP, around 77% of the email addresses in the breach had previously appeared in other breaches.
Panera Bread, a major US-based fast-casual dining chain with over 2,000 locations across North America, confirmed that the incident involved only contact information and stated that authorities had been notified. However, the company has not issued a public statement on its website or social media channels as of this writing. In response to media inquiries, the company has downplayed the incident's severity, suggesting that no financial or credential data was compromised.
The exposed dataset, listed on a dark web leak site operated by ShinyHunters, is available in a compressed archive of approximately 760 MB. The leaked data has already been copied and extensively shared on hacking forums.

Google’s Mandiant published a related report earlier today, which outlines a sharp increase in ShinyHunters-branded extortion operations. The group’s recent tactics include vishing (voice phishing) campaigns targeting employees, credential harvesting via fake login portals, and exploiting compromised single sign-on (SSO) sessions to access cloud services and exfiltrate sensitive data. Mandiant attributes these operations to multiple threat clusters, including UNC6661 and UNC6240, both of which have been linked to harassment of victims and aggressive extortion follow-ups.
While the Panera Bread incident doesn’t appear to involve financial theft or a backend system compromise, the exposure of millions of personal records raises the risk of phishing, fraud, or social engineering attacks against affected customers. Panera Bread customers with membership accounts should be on high alert for such attacks, enable multi-factor authentication, and monitor personal accounts for suspicious activity.
Mandiant has also published detailed guidance on how organizations can protect against the escalating ShinyHunters attacks.






