68/69 Wednesday, February 4, 2026
Have I Been Pwned (HIBP) has confirmed that the Panera Bread data breach affected approximately 5.1 million user accounts, a figure significantly lower than the 14 million accounts previously claimed by the cybercriminal group ShinyHunters. The group alleged that it had gained access to Panera Bread’s systems and stolen a large volume of user data before attempting to extort the company. After the ransom attempt failed, the attackers publicly released a data file of roughly 760 MB in early 2026.
According to HIBP, the exposed data includes about 5.1 million unique email addresses, along with related account details such as full names, phone numbers, and physical addresses. Panera Bread has stated that the leaked information was limited to contact data and that the incident has been reported to the relevant authorities. However, as of now, there has been no broad public notification to affected users. Cybersecurity media also noted that the actual number of impacted individuals could be lower, as some users may have held multiple accounts.
Panera Bread previously experienced a major data breach in 2018, during which customer information was exposed for several months before the vulnerability was addressed. That incident drew heavy criticism because the company had been warned about the flaw in advance but failed to remediate it promptly. The latest breach once again underscores the ongoing risks to customer data security and highlights the urgent need for large organizations to strengthen their cybersecurity defenses.
