Restaurant chain Panera Bread has confirmed a data breach affecting approximately 5.1 million customer accounts after the ShinyHunters hacking group posted stolen records online. The breach exposed names, email addresses, phone numbers, loyalty rewards data, and potentially partial payment information for millions of Panera Rewards members and online ordering customers.
Learn how to protect yourself after a data breach on OpenClassActions.com.
What Happened
The ShinyHunters cybercriminal group — known for high-profile breaches at AT&T, Ticketmaster, and other major companies — claimed to have breached Panera Bread’s systems and stolen millions of customer records. Initial reports suggested as many as 14 million records were compromised, but Panera and the breach notification service Have I Been Pwned later revised the confirmed figure to approximately 5.1 million unique accounts.
The stolen data reportedly includes information from Panera’s loyalty rewards program, online ordering system, and customer accounts. A class action lawsuit has already been filed alleging Panera failed to adequately protect customer data and was slow to disclose the breach.
Who Is Affected
If you have a Panera Rewards account, placed online orders through Panera’s website or app, or created a Panera account for any reason, your data may have been compromised. The breach affects 5.1 million accounts across the United States.
What You Should Do
Change your Panera Bread account password and any other accounts where you used the same password. Be especially cautious of phishing emails that appear to come from Panera — attackers with your email and order history could craft convincing fake messages about orders, rewards, or refunds. Monitor your payment methods for unauthorized charges. If the breach included your payment card information, contact your bank about issuing a new card.
This article is for informational purposes only and does not constitute legal advice. Written by Steve Levine for OpenClassActions.org.