Home / Crime and Justice / Panera Bread Breach: 14M Records Stolen
Panera Bread Breach: 14M Records Stolen
31 Jan
Summary
- Over 14 million customer records were stolen by ShinyHunters.
- Stolen data includes names, emails, phone numbers, and addresses.
- The breach was reportedly due to compromised Microsoft Entra SSO credentials.
ShinyHunters, a known hacking group, has claimed responsibility for a massive data breach affecting Panera Bread customers. The cyberattack resulted in the theft of over 14 million customer records, including sensitive personal information such as names, email addresses, phone numbers, home addresses, and account details.
Panera Bread has confirmed the incident, describing the compromised data as contact information. The company has alerted law enforcement and is taking measures to address the security lapse. Cybersecurity experts warn that the exposed Personally Identifiable Information (PII) poses a significant risk of identity theft and social engineering attacks on the dark web.
The breach was allegedly facilitated by exploiting a weakness in Microsoft Entra's single-sign-on (SSO) code. This incident echoes recent warnings from Okta regarding sophisticated voice phishing campaigns targeting SSO platforms, where attackers impersonate IT support to steal user credentials.
This is not the first security lapse for Panera Bread; the company faced a similar breach in 2018. Experts note that repeated compromises underscore the challenges large organizations face in maintaining consistent security across their digital infrastructure, especially with third-party SaaS and identity management solutions.
