Data Breaches
Sysco Corporation is the largest foodservice distributor in North America, supplying food and related products to restaurants, hotels, hospitals and schools across the US and internationally. Most of the people it holds data on are business customers and employees, not retail shoppers.
Key Takeaways
- In June 2026 the ShinyHunters group leaked around 2.7 million Sysco email addresses plus names, phone numbers, business addresses, job titles and employers, mostly business customers and staff.
- Sysco never publicly confirmed the breach, and the attackers' claim of 61 million records is far higher than the 2.7 million accounts Have I Been Pwned actually loaded.
- No passwords leaked, so the main risk is targeted scams: fake invoices, payment-change fraud and phone calls that quote your real details.
Breach Overview
In June 2026 the extortion group ShinyHunters published data it said it stole from Sysco's Salesforce environment. It claimed around 61 million records; what actually surfaced, and what Have I Been Pwned loaded, was 2,691,852 unique email addresses for a mix of Sysco staff and customers, along with names, phone numbers, physical addresses, job titles, employers, usernames and customer feedback. No passwords or financial account numbers were included. Sysco had not publicly confirmed the breach when the data was released, so the attackers' figures are claims, not verified totals.
Exposed Data
Timeline & Cause
ShinyHunters listed Sysco on its dark-web extortion site in mid-June 2026 with a short deadline to pay. The breach is dated 15 June 2026; when the deadline passed the group published the data, and Have I Been Pwned added 2,691,852 accounts on 28 June 2026. It is part of a wider 2026 campaign in which ShinyHunters stole companies' Salesforce data and ran "pay or leak" extortion.
Next Steps
Most people in this leak are business contacts (restaurant owners, chefs, procurement and foodservice buyers) or Sysco staff, and the data is ideal for business scams. Expect emails and calls posing as Sysco or your account rep about an order, an unpaid invoice, a delivery problem or an "account on hold", using your real name, role and company. The dangerous one is a request to change payment or bank details: that is how invoice fraud works. Don't click links, don't call the number in the message, and confirm any payment change by phoning a Sysco contact you already have.
To get your details removed, use Sysco's Global Data Privacy Portal to ask what they hold and request deletion (the same portal covers the UK, Ireland and Canada). No passwords leaked, so there's nothing to reset on your Sysco account, but your username and email are now public, so watch for "unusual login" phishing, and if you reuse your Sysco password anywhere else, change it there.