ShinyHunters Leak 5.1 Million Customer Records in 2026 Data Attack

https://www.rescana.com/post/panera-bread-microsoft-entra-sso-breach-shinyhunters-leak-5-1-million-customer-records-in-2026-data

Publish Date: 2026-02-04 02:01:00

Source Domain: www.rescana.com

Executive Summary

In January 2026, Panera Bread experienced a significant data breach attributed to the cybercriminal group ShinyHunters. The attackers gained unauthorized access to Panera Bread’s systems by compromising a Microsoft Entra Single Sign-On (SSO) code, likely through a vishing (voice phishing) campaign. Following a failed extortion attempt, the attackers publicly leaked a dataset containing 5.1 million unique customer records. The compromised data includes names, email addresses, phone numbers, home addresses, and account details, with Panera Bread confirming that only contact information was exposed. There is no confirmed evidence of payment data exposure. The breach highlights ongoing risks associated with SSO implementations and social engineering attacks in the retail and food service sectors. Panera Bread has notified authorities and stated that steps have been taken to address the incident. The technical analysis confirms the attack vector as SSO compromise via vishing, with no specific software vulnerability disclosed. The incident underscores the need for robust SSO security, phishing-resistant multi-factor authentication (MFA), and comprehensive employee awareness programs.

Technical Information

The breach of Panera Bread’s customer data was executed by the ShinyHunters group, a threat actor known for large-scale data theft and extortion. The attackers exploited a Microsoft Entra SSO code, which allowed them to bypass authentication controls and access sensitive customer information. The primary attack vector was a vishing campaign, a form of social engineering where attackers impersonate IT staff over the phone to trick employees into entering their credentials into a phishing website designed to mimic the legitimate SSO platform. This method enabled the attackers to capture valid login information and session tokens, granting them unauthorized access to Panera Bread’s systems (Mashable, January 30, 2026:…
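A defender-side illustration of the sign-in pattern described above, added here and not taken from the original article, Panera Bread or Microsoft: it flags successful sign-ins that used a relayable MFA method from an unmanaged device on an IP address the user has not used before. The record fields, MFA method labels and sample rows are constructed assumptions.

```python
from collections import defaultdict

# MFA methods bound to the real site's origin, so a look-alike page cannot
# relay them (labels are assumptions for this example).
PHISHING_RESISTANT = {"FIDO2 security key", "Windows Hello for Business"}

# Constructed sample sign-in records, not data from the incident.
FIELDS = ("time", "user", "ip", "managed_device", "mfa_method", "success")
ROWS = [
    ("2026-01-05T09:02:11Z", "a.lee@example.com", "198.51.100.10", True, "Mobile app notification", True),
    ("2026-01-05T09:15:40Z", "b.ortiz@example.com", "198.51.100.22", True, "FIDO2 security key", True),
    ("2026-01-06T08:57:03Z", "a.lee@example.com", "198.51.100.10", True, "Mobile app notification", True),
    ("2026-01-07T11:20:19Z", "b.ortiz@example.com", "203.0.113.80", False, "FIDO2 security key", True),
    ("2026-01-07T14:31:52Z", "a.lee@example.com", "203.0.113.77", False, "Mobile app notification", True),
    ("2026-01-07T14:40:08Z", "a.lee@example.com", "203.0.113.77", False, "Mobile app notification", True),
    ("2026-01-07T15:02:30Z", "c.kim@example.com", "203.0.113.91", False, "Text message", False),
]
SIGNINS = [dict(zip(FIELDS, row)) for row in ROWS]

def flag_relay_risk(signins):
    """Flag successful sign-ins with phishable MFA from an unmanaged device
    on an IP the user has no prior trusted history with."""
    trusted_ips = defaultdict(set)
    findings = []
    for rec in sorted(signins, key=lambda r: r["time"]):
        if not rec["success"]:
            continue  # failed attempts never yield a session token
        known = trusted_ips[rec["user"]]
        suspicious = (
            bool(known)                      # user has a baseline to compare against
            and rec["ip"] not in known       # first time this IP appears for the user
            and not rec["managed_device"]    # device is not enrolled or compliant
            and rec["mfa_method"] not in PHISHING_RESISTANT
        )
        if suspicious:
            findings.append(rec)             # do not add the IP to the baseline
        else:
            known.add(rec["ip"])
    return findings

def users_on_phishable_mfa(signins):
    """Users who completed at least one sign-in with a relayable MFA method."""
    return sorted({r["user"] for r in signins
                   if r["success"] and r["mfa_method"] not in PHISHING_RESISTANT})

if __name__ == "__main__":
    for hit in flag_relay_risk(SIGNINS):
        print("REVIEW", hit["time"], hit["user"], hit["ip"], hit["mfa_method"])
    print("Still on phishable MFA:", users_on_phishable_mfa(SIGNINS))
```

Flagged IPs are kept out of the per-user baseline, so repeated use of the same unfamiliar address keeps alerting until an analyst clears it.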
