ShellCodeX Breach Report
Sysco Data Breach
sysco.com
Verified breach
Accounts exposed
2,691,852
Breach date
15 Jun 2026
Added to tracker
28 Jun 2026
Data classes
8
What happened
In June 2026, the food distribution company Sysco was targeted by a ShinyHunters "pay or leak" extortion campaign. Data was subsequently published containing 2.7M unique email addresses belonging to staff and customers. The data also contained largely corporate contact information including names, phone numbers, physical addresses, internal job titles, and customer feedback.
Exposed data
Customer feedback
Email addresses
Employers
Job titles
Names
Phone numbers
Physical addresses
Usernames
Recommended actions
- Watch for targeted phishing emails referencing Sysco โ attackers weaponise breach data quickly.
- Stay alert for smishing (SMS phishing) and SIM-swap attempts using your phone number.
- Exposed identity data raises identity-theft risk โ consider credit monitoring or a credit freeze.
- Check whether your email address appears in this breach on haveibeenpwned.com.
Am I affected?
Check whether your email address appears in this breach.
Check on HIBP