The ShinyHunters cyber gang claimed that it stole data from over 14 million Panera Bread accounts, totaling 760 MB in compressed format. According to the actor, the stolen information contains Full names, Email addresses, Phone numbers, Home addresses, Account details, and Personally Identifiable Information (PII). The cyber gang said that the files were leaked because the company didn’t pay an unspecified ransom.
Data breach notification service Have I Been Pwned (HIBP) said that a data breach at Panera Bread affected 5,120,000 accounts, not 14 million accounts as previously reported.
ShinyHunters told BleepingComputer that they gained access to Panera’s systems via a Microsoft Entra single sign-on (SSO) code. The attack was part of a new ShinyHunters voice phishing (vishing) campaign, targeting Single Sign-On (SSO) accounts at Okta, Microsoft, and Google across more than 100 high-profile organizations.
Soon after, the company was hit with two class action lawsuits over data breach.
Panera Bread is a US based bakery-café chain known for its bread, sandwiches, soups, salads, and coffee. Founded in 1987, it employees about 140,000 employees and operates nearly 2,300 locations in the US and Canada.
Read more about it here.