Panera Bread has allegedly fallen victim to a cyberattack carried out by the notorious hacking collective ShinyHunters, with millions of customer records said to have been stolen.
The threat group recently listed Panera Bread, along with CarMax and Edmunds, on its data leak portal. In Panera’s case, attackers claim to have accessed approximately 14 million records. The compromised data reportedly includes customer names, email addresses, mailing addresses, phone numbers, and account-related details. Altogether, around 760 MB of compressed data was allegedly extracted from company systems.
In a conversation with The Register, ShinyHunters stated that access to Panera’s network was gained through Microsoft Entra single sign-on (SSO). If accurate, the breach may be connected to a recent alert issued by Okta, which warned that cybercriminals were targeting SSO credentials from Okta, Microsoft, and Google through an advanced voice phishing scheme.
Should that link be confirmed, Panera Bread — which operates thousands of outlets across the United States and Canada — would join a growing roster of companies reportedly compromised through similar tactics, including Crunchbase and Betterment. According to ShinyHunters, both organizations were breached via voice phishing attacks aimed at stealing Okta authentication codes.
To date, most of the affected companies have not publicly addressed the incidents. Betterment is the only firm that has acknowledged a breach, confirming that employees were deceived in a social engineering attack on January 9.
"The unauthorized access involved third-party software platforms that Betterment uses to support our marketing and operations," the company said.
"Once they gained access, the unauthorized individual was able to send a fraudulent, crypto-related message that appeared to come from Betterment to a subset of our customers."
ShinyHunters remains one of the most active ransomware groups currently operating and is notable for abandoning traditional encryption tactics. Rather than locking victims out of their systems, the group focuses solely on stealing sensitive information and pressuring organizations to pay in exchange for keeping the data private — a method that is less complex to deploy but potentially just as profitable.
