Panera Bread Breach Affects 5.1 Million Accounts via SSO Compromise

First reported

02.02.2026 15:46

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

The ShinyHunters extortion gang breached Panera Bread's systems via a Microsoft Entra single sign-on (SSO) compromise, exposing 5.1 million unique user accounts. The breach included personally identifiable information (PII) such as names, phone numbers, and physical addresses. The initial claim of 14 million affected customers was clarified to refer to stolen records, not unique accounts. The breach was part of a broader vishing campaign targeting SSO accounts at Okta, Microsoft, and Google across over 100 organizations. Panera Bread has confirmed the breach but has not yet issued a public statement.

Timeline

02.02.2026 15:46 1 articles · 23h ago

ShinyHunters Breaches Panera Bread via SSO Compromise
In January 2026, ShinyHunters breached Panera Bread's systems via a Microsoft Entra single sign-on (SSO) compromise, exposing 5.1 million unique user accounts. The breach included PII such as names, phone numbers, and physical addresses. The initial claim of 14 million affected customers was clarified to refer to stolen records, not unique accounts. Panera Bread has confirmed the breach but has not yet issued a public statement.
Show sources

Panera Bread breach impacts 5.1 million accounts, not 14 million customers — www.bleepingcomputer.com — 02.02.2026 15:46
Open in new tab

Information Snippets

ShinyHunters gained access to Panera Bread's systems via a Microsoft Entra single sign-on (SSO) code.
First reported: 02.02.2026 15:46

1 source, 1 article
Show sources
- Panera Bread breach impacts 5.1 million accounts, not 14 million customers — www.bleepingcomputer.com — 02.02.2026 15:46
The breach exposed 5.1 million unique user accounts, including PII such as names, phone numbers, and physical addresses.
First reported: 02.02.2026 15:46

1 source, 1 article
Show sources
- Panera Bread breach impacts 5.1 million accounts, not 14 million customers — www.bleepingcomputer.com — 02.02.2026 15:46
The initial claim of 14 million affected customers was clarified to refer to stolen records, not unique accounts.
First reported: 02.02.2026 15:46

1 source, 1 article
Show sources
- Panera Bread breach impacts 5.1 million accounts, not 14 million customers — www.bleepingcomputer.com — 02.02.2026 15:46
Panera Bread has confirmed the breach but has not yet issued a public statement.
First reported: 02.02.2026 15:46

1 source, 1 article
Show sources
- Panera Bread breach impacts 5.1 million accounts, not 14 million customers — www.bleepingcomputer.com — 02.02.2026 15:46
The breach was part of a broader vishing campaign targeting SSO accounts at Okta, Microsoft, and Google across over 100 organizations.
First reported: 02.02.2026 15:46

1 source, 1 article
Show sources
- Panera Bread breach impacts 5.1 million accounts, not 14 million customers — www.bleepingcomputer.com — 02.02.2026 15:46
ShinyHunters also breached Match Group and SoundCloud as part of the same campaign.
First reported: 02.02.2026 15:46

1 source, 1 article
Show sources
- Panera Bread breach impacts 5.1 million accounts, not 14 million customers — www.bleepingcomputer.com — 02.02.2026 15:46

Summary

Timeline

ShinyHunters Breaches Panera Bread via SSO Compromise

Information Snippets