After failing to extort Panera Bread, a group of hackers has reportedly released over 14 million records stolen from the soup and sandwich chain. About 5.1 million of those records contain customer information.
The data was stolen by the ShinyHunters extortion group, according to the SecurityWeek blog. The group is believed to have compromised a Microsoft Entra single-sign-on code in order to gain access to Panera's systems. Entra is a series of network and identity products built by Microsoft to help with security and employee access.
Panera confirmed the breach to Reuters. "The data involved is contact information," the company told Reuters. Crunchbase, Soundcloud and some other companies were also hit in the same hacker raid.
Fortunately, the stolen information only contains email addresses, phone numbers, addresses and names and not financial details. Still, that info could be used in targeted phishing attacks to try and steal even more information or to attempt to gain access to more sensitive accounts like victim's banking or healthcare ones.
How to stay safe after a data breach
Other data breaches or leaks where more sensitive information is leaked may require a password overall, using one of the best password managers. Or even signing up for one of the best identity theft protection services to ensure that your personal information isn't being misused online.
With this kind of data breach though, it will require some extra vigilance on your part. You can check out the site haveibeenpwned.com, where entering your email can tell you if your email address has surfaced in a data breach.
Either way, if you ever gave Panera your information, you'll want to keep an eye out for phishing attempts and social engineering attacks. Be on the alert for anyone sending you texts or emails as well as phone calls that try to get personal information out of you or pressure you into clicking on a particular link or downloading an attachment.
Most of this information, like your name and email address are usually publicly available. It's not illegal for companies to collect it but there can be legal ramifications for failing to secure a database properly. We'll update this article if Panera if and when we find out more including whether or not the company will face regulatory scrutiny as a result of this data breach.
Follow Tom's Guide on Google News and add us as a preferred source to get our up-to-date news, analysis, and reviews in your feeds.
