Panera Bread Data Breach 2026

Panera Bread Data Breach

Status: Confirmed
5.1M Unique Emails
14M Total Records
Jan 2026 Breach
Jan 2026 Full Dump

Breach Overview

Threat Actor: ShinyHunters
Vector: Suspected SSO compromise and social engineering
Date of Breach: January 2026
Date of Reporting: January 31, 2026
Data Posted: January 2026 (dark web leak site)
Records Stolen: ~14,000,000 total records; ~5,100,000 unique email addresses
Data Volume: ~760 MB (compressed archive)
Data Source Attribution: Have I Been Pwned (HIBP)

Summary

In January 2026, Panera Bread suffered a large-scale customer data breach attributed to the ShinyHunters extortion group.

After Panera declined an extortion demand, the attackers published a full customer dataset on a ShinyHunters-operated dark web leak site. The breach was later indexed by Have I Been Pwned (HIBP) on January 31, 2026.

The exposed dataset contains approximately 14 million customer records, including 5.1 million unique email addresses. HIBP analysis shows that roughly 77% of affected email addresses had appeared in prior breaches, significantly increasing reuse and phishing risk.

Panera Bread confirmed the incident involved customer contact information only and stated that law enforcement was notified. As of this writing, the company has not published a formal breach notice on its website or social channels and has minimized the severity in media responses.

The dataset has since been mirrored and redistributed across multiple breach forums, ensuring long-term circulation.

About Panera Bread

Panera Bread is a U.S.-based fast-casual restaurant chain operating over 2,000 locations across North America. The company manages customer data through online ordering, loyalty programs, delivery services, and marketing systems.

If you never created a formal Panera account but received breach notifications, your data may have been collected through:

  • Online food orders or delivery platforms
  • Loyalty or rewards programs
  • Email promotions or marketing sign-ups
  • Partner delivery or payment services

Large consumer brands often aggregate data across multiple systems, increasing exposure even for casual customers.

Data Points Exposed

Data observed in the leaked dataset:
  • Full name
  • Email address
  • Phone number
  • Home address (street, city, state, ZIP)

Not observed in the leaked dataset:
  • Passwords
  • Payment card data
  • Authentication credentials

Dark Web Verification

Status: Confirmed

  • Independent monitoring confirms that Panera Bread–labeled datasets are publicly available on ShinyHunters leak infrastructure and have been widely redistributed across breach-sharing communities.
  • The archive remains accessible and actively traded.

Threat Actor: ShinyHunters

ShinyHunters is a financially motivated extortion collective responsible for numerous high-profile consumer data breaches.

Recent intelligence, including reporting from Google Mandiant, shows the group escalating operations through:
  • Vishing and voice-cloning attacks
  • Credential harvesting via fake login portals
  • Compromised SSO sessions
  • Aggressive post-breach harassment and extortion

Mandiant links these campaigns to multiple clusters, including UNC6661 and UNC6240.

Impact

The Panera Bread breach does not involve direct financial theft, but it materially increases downstream risk.

Potential impacts include:
  • Targeted phishing using verified contact details
  • Account takeover attempts via credential reuse
  • Address-based scams, fraud, or harassment
  • Data broker enrichment and resale
  • Brand impersonation attacks posing as Panera

This breach primarily fuels secondary exploitation, not immediate loss.

Recommendations for Impacted Clients

If you believe your information may be included, take the following steps:

  • Check Your Exposure: If you are an ObscureIQ client, this breach has been indexed into your exposure profile. Non-clients may request a free breach impact check.
  • Watch for Targeted Phishing: Expect emails or texts referencing Panera orders, loyalty points, or refunds. Verify directly with Panera.
  • Secure Email Accounts: Enable MFA. Email is the primary pivot point for follow-on attacks.
  • Harden Password Hygiene: Change passwords on any accounts sharing the same email address.
  • Mask Your Home Address: Suppress exposed addresses and phone numbers from data brokers and search engines.
  • Reduce Future Exposure: Limit loyalty programs and marketing opt-ins tied to your real address and phone number.

Contact ObscureIQ for a free breach impact check.

If you believe your information may be part of this breach, or want confirmation across other datasets,

We use a multi-layered intelligence stack, combining public and restricted dark-web sources, to confirm whether your data is in circulation.