Panera Bread data breach affects 5.1 million accounts, not 14 million

Based on information from Bleeping Computer, the data breach notification service Have I Been Pwned has revised the number of accounts affected by a breach at U.S. food chain Panera Bread. The incident now appears to have impacted approximately 5.1 million accounts, a significant reduction from the initially reported 14 million.

The ShinyHunters extortion gang claimed to have stolen data from over 14 million Panera Bread user accounts in late January. They subsequently leaked nearly 760 MB of documents on their dark web site after Panera Bread allegedly did not pay a ransom. ShinyHunters stated they gained access through a Microsoft Entra single sign-on (SSO) code as part of a broader voice phishing campaign targeting SSO accounts at Okta, Microsoft, and Google.

Have I Been Pwned's analysis indicates the leaked data contains about 5.1 million unique email addresses, along with names, phone numbers, and physical addresses. The breach also exposed over 26,000 email addresses potentially belonging to Panera Bread employees. Panera Bread has confirmed the breach to authorities, stating that the compromised data is primarily contact information.

Source: Bleeping Computer