Sysco, a food distribution company, had data on approximately 2.7 million staff and customers exposed after a ShinyHunters extortion campaign resulted in the publication of corporate contact information.
What happened
According to Have I Been Pwned, in June 2026 Sysco was targeted by a ShinyHunters "pay or leak" extortion campaign. When the demand was not met, the threat actors published the stolen data. Cybernews reported the incident involved records sourced from Salesforce.
What was exposed
The published data included approximately 2.7 million unique email addresses belonging to Sysco staff and customers. According to HIBP, the exposed information also included names, phone numbers, physical addresses, job titles, employer details, usernames, and customer feedback — largely corporate contact information.
Who is affected
Around 2.7 million individuals are affected, including Sysco employees and customers whose contact details were stored in the company's systems. The data appears to be primarily business-to-business in nature.
What to do now
If you have interacted with Sysco as a customer or employee, be alert for phishing emails and unsolicited calls using your personal or work details. Consider updating passwords associated with any Sysco-related accounts. Be cautious of targeted social engineering attempts, as job titles and employer information could be used to craft convincing scams.