Panera Bread data breach exposes 5.1M customers

Another large user marque has joined the increasing database of companies deed by superior information breaches. Panera Bread has confirmed a cybersecurity incidental aft the hacking radical ShinyHunters claimed it stole millions of lawsuit records.

The breach exposes a wide scope of idiosyncratic details, raising existent concerns for anyone who has ever placed an order, created an relationship oregon shared interaction accusation with the fashionable bakery chain.

Sign up for my FREE CyberGuy Report
Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you'll get instant entree to my Ultimate Scam Survival Guide – escaped erstwhile you articulation my CYBERGUY.COM newsletter.

SUBSTACK DATA BREACH EXPOSES EMAILS AND PHONE NUMBERS

Panera Bread confirmed a information breach aft hackers claimed they stole millions of lawsuit records containing interaction information.  (AP Photo)

What happened successful the Panera Bread information breach?

ShinyHunters added Panera Bread to its information leak tract earlier this year, initially claiming it had stolen much than 14 cardinal lawsuit records. According to the group, the stolen information includes names, email addresses, telephone numbers, location addresses and account-related information.

Panera Bread has since confirmed a cybersecurity incident. In a connection to media outlets, the institution described the exposed information arsenic lawsuit "contact information" and said it has contacted instrumentality enforcement and taken steps to code the incident. Panera has not shared method details astir however the onslaught occurred oregon whether customers request to instrumentality circumstantial actions.

Even "contact information" tin beryllium unsafe successful the incorrect hands. When combined, these details tin beryllium utilized for individuality theft, targeted phishing and highly convincing social-engineering scams.

ShinyHunters claims the attackers accessed Panera's systems done Microsoft Entra azygous sign-on (SSO). While Panera has not confirmed that claim, it intimately mirrors caller warnings from Okta astir a surge successful voice-phishing attacks targeting SSO platforms.

In these attacks, criminals airs arsenic IT oregon helpdesk unit and telephone employees directly. They unit targets to o.k. authentication requests oregon participate login credentials connected fake SSO pages. Once attackers seizure league tokens oregon credentials, they tin bypass immoderate forms of multifactor authentication and determination laterally done institution systems. This attack relies connected quality spot alternatively than method exploits, making it progressively effective.

How galore radical were really affected?

At archetypal glance, claims that 14 cardinal customers were affected suggested an tremendous breach. However, researchers astatine Have I Been Pwned? aboriginal clarified that the attackers stole 14 cardinal records, not information tied to 14 cardinal unsocial individuals.

After reviewing the leaked dataset, researchers present estimation the breach affected astir 5.1 cardinal unsocial people. The exposed accusation includes email addresses on with associated names, telephone numbers, and carnal addresses.

That favoritism matters, but it does not destruct risk. Once stolen information is released publicly, it tin dispersed rapidly crossed transgression forums and beryllium reused for years.

149 MILLION PASSWORDS EXPOSED IN MASSIVE CREDENTIAL LEAK

The hacking radical ShinyHunters leaked stolen Panera lawsuit information online aft an attempted extortion failed. (Panera Bread)

Hackers leaked the information aft extortion failed

ShinyHunters reportedly attempted to extort Panera Bread earlier publishing the stolen data. When those efforts failed, the radical released a 760MB archive containing millions of lawsuit records connected its leak site.

This reflects a broader displacement successful cybercrime. Instead of locking systems with ransomware, galore groups present absorption connected softly stealing information and threatening nationalist exposure. These attacks are faster, harder to detect, and often conscionable arsenic profitable.

ShinyHunters has utilized akin tactics successful different high-profile incidents involving Bumble, Match Group, Crunchbase and different user platforms.

Lawsuits filed aft Panera breach disclosure

The breach has already triggered ineligible fallout. Multiple class-action lawsuits person been filed successful U.S. national court, alleging that Panera failed to adequately support lawsuit data.

The lawsuits assertion Panera knew oregon should person known astir information weaknesses and question damages, improved information practices, and semipermanent individuality theft extortion for affected customers. Panera has not publically commented connected the litigation.

A troubling signifier for Panera Bread

This is not Panera Bread's archetypal large information lapse. In 2018, a cybersecurity researcher revealed that Panera had near millions of lawsuit records exposed online successful plain text. That incidental aboriginal led to lawsuits and settlements.

Repeated breaches often constituent to deeper challenges. Large organizations tin conflict to unafraid unreality services, individuality systems, and worker entree astatine scale. When attackers people individuality platforms alternatively of infrastructure, a azygous mistake tin exposure millions of records.

We reached retired to Panera Bread for a comment, but did not perceive backmost earlier our deadline. 

GRUBHUB CONFIRMS DATA BREACH AMID EXTORTION CLAIMS

Exposed interaction details similar names, emails, and addresses tin substance phishing scams and individuality theft agelong aft a breach becomes public. (Donato Fasano/Getty Images)

7 steps you tin instrumentality to support yourself pursuing the Panera information breach

When a large user marque suffers a breach, customers often don't recognize the hazard until weeks oregon months later. These steps assistance bounds what attackers tin bash with your accusation if your Panera information falls into the incorrect hands.

1) Use a strong, unsocial password for each account

If you ever created a Panera Bread account, reset its password immediately. If you reused that password anyplace else, those accounts are present astatine risk, too. Attackers routinely trial breached passwords crossed email, buying and banking sites.

A password manager helps by generating strong, unsocial passwords for each relationship and storing them securely truthful you ne'er request to reuse credentials. Many password managers besides alert you if your email oregon passwords look successful known information breaches, giving you an aboriginal informing to fastener things down fast.

Our No. 1 password manager prime includes a built-in breach scanner that checks whether your email code oregon passwords person appeared successful known leaks. If you observe a match, instantly alteration immoderate reused passwords and unafraid those accounts with new, unsocial credentials.

Check retired the champion expert-reviewed password managers of 2026 astatine Cyberguy.com.

2) Enable two-factor authentication (2FA) wherever possible

Two-factor authentication (2FA) adds a 2nd measurement to the login process, usually done an app oregon instrumentality you control. Even if idiosyncratic gets your password done phishing oregon a breach, 2FA makes it overmuch harder for them to entree your account.

3) Be cautious of phishing messages

Cybercriminals often travel up breaches with fake emails oregon in-app messages pretending to connection assistance oregon information updates. Always double-check the sender and debar clicking links. When successful doubt, unfastened the app oregon website straight alternatively than responding to the message. Using beardown antivirus bundle adds different furniture of extortion by flagging malicious links and blocking known threats earlier they tin bash harm. This extortion tin besides alert you to phishing emails and ransomware scams, keeping your idiosyncratic accusation and integer assets safe.

Get my picks for the champion 2026 antivirus extortion winners for your Windows, Mac, Android and iOS devices astatine Cyberguy.com.

4) Limit the idiosyncratic details you share

When names, email addresses, telephone numbers and carnal addresses are exposed, individuality theft becomes a existent risk. Identity theft-protection services show your idiosyncratic information, alert you if it appears connected the acheronian web, and ticker for attempts to unfastened caller accounts successful your name.

If thing does spell wrong, these services often see betterment enactment to assistance frost accounts, quality fraud, and usher you done the cleanup process.

See my tips and champion picks connected however to support yourself from individuality theft at Cyberguy.com.

5) Reduce your integer footprint with a information removal service

Scammers don't trust connected 1 breach alone. They harvester leaked information with accusation from information broker sites to physique elaborate profiles. Data removal services assistance region your telephone number, location code and different idiosyncratic details from hundreds of these sites.

While nary work tin erase everything, reducing what's publically disposable makes it overmuch harder for criminals to people you with convincing scams oregon individuality fraud. This is 1 of the astir effectual semipermanent ways to little your hazard aft immoderate large breach.

Check retired my apical picks for information removal services and get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web by visiting Cyberguy.com.

Get a escaped scan to find retired if your idiosyncratic accusation is already retired connected the web: Cyberguy.com.

6) Secure your email account

Your email relationship controls password resets for astir services. Protect it with a beardown password and 2FA. Regularly reappraisal login enactment and betterment settings, truthful attackers can't usage your email to instrumentality implicit different accounts.

7) Watch for relationship changes aft breach news

Not each breach leads to contiguous relationship takeovers. In immoderate cases, attackers softly trial entree weeks later. That is wherefore staying alert aft breach reports matters. Watch for password reset emails you did not request, illustration changes you did not make, oregon caller messages you did not send. Unexpected logouts oregon information alerts are besides reddish flags. If you announcement thing unusual, alteration your password instantly and reappraisal your information settings.

Kurt's cardinal takeaway

The Panera Bread information breach is different reminder that adjacent acquainted brands tin go large cyber targets. While Panera says lone interaction accusation was exposed, that information is often capable to substance scams and individuality theft agelong aft headlines fade. Staying proactive aft breach quality is present portion of protecting your integer life.

Do you inactive spot ample brands to support your idiosyncratic information, oregon person repeated breaches changed however overmuch information you're consenting to share? Let america cognize by penning to america astatine Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report
Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox. Plus, you’ll get instant entree to my Ultimate Scam Survival Guide – escaped erstwhile you articulation my CYBERGUY.COM newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.