It appears that Panera Bread has had a data breach. Initial reports said that 14 million people were affected, which is bad, especially given that they had a data leak in 2018. News has now surfaced that the Panera Bread data breach has affected 5.1 million accounts, not 14 million customers as previously reported.
Ensar Seker, CISO at SOCRadar:
“The distinction matters, but it doesn’t materially reduce the risk. Accounts are what attackers monetize, credentials, contact data, and reuse potential, not abstract “customers.” From a defender’s perspective, 5.1 million compromised accounts still represents a massive downstream risk for credential stuffing, phishing, and identity-based attacks well beyond Panera itself.
This incident reinforces a clear trend: attackers are no longer “breaking in,” they’re logging in. Vishing-driven SSO compromise bypasses many traditional security controls because authentication flows are trusted by design. If identity becomes the new perimeter, then SSO misconfiguration, MFA fatigue, and help-desk social engineering are now tier-one attack vectors.
What’s notable here is scale and repeatability. Targeting identity providers allows attackers to industrialize access across hundreds of organizations with similar playbooks. This isn’t about Panera specifically, it’s about systemic weaknesses in identity assurance, employee verification, and SSO recovery workflows.
Companies need to treat identity telemetry with the same rigor as endpoint or network signals. That means stricter SSO enrollment controls, hardened help-desk verification, phishing-resistant MFA, and continuous monitoring for anomalous authentication behavior, especially for admin and customer-facing identity systems.”
Paul Bischoff, Consumer Privacy Advocate at Comparitech:
“It’s reasonable to ask whether ShinyHunters or Panera Bread is lying about how many people were compromised in this attack. I would defer to Panera. ShinyHunters estimated the number of customers in the database based on the total number of records, but it didn’t account for duplicates and other outliers. According to breach disclosure laws, Panera Bread combed through the data and found contact information to notify every person affected. Therefore, Panera’s investigation is much more thorough and it’s legally obligated to tell the truth.”
Chris Hauk, Consumer Privacy Champion at Pixel Privacy:
“As always in breaches like this, Panera needs to be upfront with their customers and employees as to how bad the breach is and what the company is doing to protect their data and to guard against future attacks such as this. Employees and customers both should take advantage of any free credit and identity monitoring services that Panera will surely offer.
Unfortunately, this breach exposes the flaws in single sign-on (SSO) services such as those offered by Google, Microsoft, and others. Such services are susceptible to socially engineered phishing schemes that trick employees and customers into entering their SSO credentials into fake company portal sites. Once that information is harvested, any site or service that uses those credentials could likely be accessed.”
While a lower number is good, it doesn’t change the fact that Panera got pwned. Whether this is one or one million people who got affected, pwnage is bad. The universe has to get to a place where pwnage isn’t a thing so that nobody has to worry about being affected.
Ricoh acquires leading Canadian workplace technology and collaboration integrator ET Group
Posted in Commentary with tags Ricoh on February 2, 2026 by itnerd
Ricoh today announced the acquisition of ET Group, a leading Canadian workplace technology and collaboration integrator. This strategic acquisition by Ricoh Canada Inc. accelerates Ricoh’s expansion into high‑growth digital services, strengthens its position as a leading provider of end‑to‑end workplace experience solutions in Canada, and reinforces its global strategy to support an evolving workplace environment.
By integrating ET Group’s audiovisual (AV) engineering expertise and long‑standing reputation for designing, delivering and supporting enterprise-wide collaboration environments — particularly within government and other highly regulated sectors — Ricoh further enhances its ability to provide scalable, technology‑driven workplace solutions across Canada.
Advancing Ricoh’s Digital Services Strategy
This strategic investment expands Ricoh’s digital workplace capabilities with:
The acquisition formalizes and expands the existing partnership between Ricoh and ET Group, which will operate as a wholly owned subsidiary of Ricoh Canada.
Building a Stronger Service Network for Public‑ and Private‑Sector Organizations
ET Group brings a highly skilled team of AV engineers, designers, project managers, and support specialists trusted by major corporations, government agencies, and judicial systems. Its expertise in secure, resilient environments complements Ricoh’s footprint with Canada’s large enterprises and public institutions.
Customers will benefit from a more comprehensive service ecosystem that now integrates:
This combined portfolio enables organizations to design, connect, and manage the workplace as a unified, intelligent environment.
Ricoh continues to make investments globally to deliver enhanced meeting experiences and hybrid work solutions for organizations worldwide, including the acquisitions of Presentation Products, Inc. (PPI) and Cenero (United States); DataVision, Pure AV, and AVC (EMEA); and Videocorp and Go2neXt (Latin America).