leaksear.ch indexed a SYSCO breach dataset containing 1 record, dated May 14, 2026, with identity, contact, account, network and vehicle identifiers (leaksear.ch metadata). Sysco describes itself as a global foodservice distributor serving restaurants, healthcare and education customers, lodging businesses and other organizations that prepare meals away from home (investors.sysco.com).
What happened
Public context around Sysco-related data exposure in 2026 includes more than one reported threat-actor claim. DeXpose reported that the Qilin ransomware group listed Sysco on May 6, 2026 and threatened to publish data if the company did not negotiate (www.dexpose.io).
Cybernews later reported that ShinyHunters claimed on June 16, 2026 to have stolen more than 61 million Salesforce records from Sysco, while also noting that no proof samples accompanied that claim and that Sysco had not responded to its inquiries at the time of publication and update (cybernews.com). Have I Been Pwned lists a Sysco breach added on June 28, 2026, describing subsequently published data containing 2.7 million unique email addresses belonging to staff and customers, with largely corporate contact information (haveibeenpwned.com).
The leaksear.ch indexed dataset is much smaller: 1 record with a breach date of May 14, 2026 (leaksear.ch metadata). The metadata does not identify the intrusion method, the original source system, or whether this record overlaps with the Qilin or ShinyHunters incidents.
What data was exposed
The leaksear.ch index shows searchable fields for address, country, date of birth, email address, IP address, name, phone number, username and VIN (leaksear.ch metadata). The stored record also includes source-file, source-payload, source-row and source-table context, but those fields are not direct search pivots on the platform (leaksear.ch metadata).
Why this matters
Even a single exposed record can create targeted risk if it combines contact information, date of birth, IP address and vehicle data. For the person in the indexed record, the practical concerns are phishing, account impersonation, doxxing, SIM-swap pretexting and scams that reference a vehicle identifier or other personal details. Security teams should treat any confirmed match as an exposure signal and correlate it with account activity, help-desk requests and recent phishing attempts. To check whether your data appears in this leak, use leaksear.ch to search the available pivots for this dataset.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include address, country, date of birth, email, ip address, name, phone, username, and vin.