Ransomware victim disclosure
← All victimsPanera Bread
Claimed by Hunters International · listed 6 months ago
Status timeline
- ListedJan 27, 2026
- Data leakeddate unknown
At a glance
- Status
- Data leaked
- Country
- United States
- Sector
- Hospitality and Tourism
- Listed on leak site
- Jan 27, 2026
- Records
- 14M Records
About the victim
AI dossier — public-source company profilePanera Bread is a major American fast-casual restaurant chain headquartered in St. Louis, Missouri, operating thousands of bakery-café locations across the United States and Canada. The company offers baked goods, sandwiches, soups, and beverages, and maintains large-scale customer loyalty and digital ordering programs. Panera is owned by JAB Holding Company and serves millions of customers annually.
- Industry
- Fast Casual Restaurant Chain
- Address
- 3 Panera Way, St. Louis, Missouri 63132, United States
- Employees
- 100000+
- Founded
- 1987
Attack summary
Severity: critical — 14 million records represents a very large-scale exfiltration of what is likely customer PII (names, emails, addresses, loyalty account data) from a major consumer-facing company, with data_published status confirming actual release of the data rather than merely a claim.Hunters International claims to have exfiltrated approximately 14 million records from Panera Bread, with the disclosure status marked as data_published, indicating the stolen data has been released or made available.
Data the group says was taken
AI dossier — extracted from the leak post- Customer records (est. 14 million)
- Potentially loyalty program data
- Potentially personally identifiable information (PII)
- Potentially employee records
What the group claims
Records: 14M Records | Updated: 27 Jan 2026 | Note: Don't be the next headline. | Don't be an idiot like this company. Make the right decision, don't be the next headline.
Source
Indexed 6 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

