Panera Bread Data Breach

06/01/2026 · 5,112,502 records · moderate risk

0 /100

Gravity Score

Moderate

Calculated based on the types of data exposed (4 categories) and the volume of affected records (5,112,502).

Breaches at retail and food service brands can still cause real harm because contact data is enough to fuel scams. Once details are posted publicly, attackers can scale spam, phishing, and fake customer support outreach very quickly.

Panera Bread experienced a breach involving a large dataset and an extortion attempt that did not succeed. Afterward, the attackers released the information publicly, increasing the likelihood of wide reuse.

The exposed records included email addresses along with names, phone numbers, and physical addresses tied to accounts. Panera Bread later confirmed that the incident involved contact information and stated that authorities were notified.

While reports referenced 14 million total records, about 5.1 million unique email addresses were exposed. The addition of phone and home address raises the chance of convincing impersonation attempts through calls, texts, and mailed style scams.

Exposed data

Email addresses Names Phone numbers Physical addresses

What to do based on this breach

Be cautious of calls and texts pretending to be Panera Bread asking you to confirm your address or personal details, since phone and address data leaked

Use email spam filters and set rules for messages using your name and claiming delivery or account issues

Review your account privacy and marketing preferences to reduce unwanted outreach based on exposed contact data

Request deletion or restriction of your contact information under GDPR rights, especially if you no longer use the service

What can we learn from this breach?

This incident shows that combined contact details become a strong toolkit for impersonation scams. Organisations should secure customer databases, limit internal duplication, monitor for data exfiltration signals, and respond quickly to extortion attempts. From a privacy standpoint, collection should be proportionate and retention kept to what is necessary.

Was your data exposed?

Check now if your email appears in this breach. It's free, takes 30 seconds and requires no signup.

Check my email

Related breaches

Canadian Tire

01/10/2025 38,306,562 records high risk

4 data types in common

CarGurus

13/02/2026 12,461,887 records moderate risk

4 data types in common

← All breaches