Corporate Cybersecurity Breaches

Panera Bread has confirmed a cybersecurity incident after the ShinyHunters hacking group posted what it says are 14 million customer records stolen from the restaurant chain, with breach analysts estimating the leak contains data on about 5.1 million unique individuals. The exposed information includes names, email addresses, phone numbers, home addresses and account‑related contact data for anyone who has placed orders or created accounts, which security experts warn can fuel highly targeted phishing, identity‑theft and social‑engineering scams for years. ShinyHunters claims it accessed Panera’s systems through Microsoft Entra single sign‑on, using voice‑phishing tactics that mimic IT staff to trick employees into handing over credentials or approving fake login prompts—an attack pattern that Okta and others have recently warned is surging across U.S. enterprises. After Panera reportedly refused extortion demands, the group released a 760MB archive of customer records on its leak site, underscoring a shift in cybercrime from classic ransomware toward pure data‑theft and doxxing attacks. Panera says it has contacted law enforcement and taken steps to address the incident but has not disclosed how the breach occurred or what remediation it will offer customers, leaving millions of U.S. diners to monitor for scams and credential‑stuffing attacks that could exploit their leaked information.