Panera Bread reportedly hit by worrying data breach that sees 14 million records exposed - here's what we know

• ShinyHunters stole 14 million Panera Bread customer records via Entra SSO breach
• Attack linked to Okta-targeted voice phishing campaigns affecting multiple companies
• Group exfiltrates data without encryption, demanding payment for stolen information

Panera Bread has reportedly suffered a data breach at the hands of the infamous ShinyHunters hackers, with millions of records, affecting countless customers stolen in the attack.

ShinyHunters added Panera Bread, CarMax, and Edmunds, to its data leak site. For the former, 14 million records were nabbed, which included people’s names, email addresses, postal addresses, as well as phone numbers and account details. In total, 760 MB of compressed data was exfiltrated from the systems.

Speaking to The Register, ShinyHunters said they broke into Panera via Microsoft Entra single sign-on (SSO). If that is true, then this incident is likely tied to Okta’s warning from last week, when the company said it saw ...