A published SYSCO ShinyHunters dataset indexed by leaksear.ch contains 7,698,139 records, with the breach date recorded as June 1, 2026 (leaksear.ch metadata). Sysco describes itself as a global foodservice distributor serving restaurants, healthcare and educational facilities, lodging, entertainment venues, and other customers (investors.sysco.com).
What happened
In an article published on June 16, 2026, and updated on July 1, Cybernews reported that ShinyHunters claimed to have compromised more than 61 million Salesforce records connected to Sysco across several tables. Cybernews said the claim involved customer data, employee records, and internal corporate data, but also reported that no proof samples accompanied the post at the time and that Sysco had not responded to its inquiry (cybernews.com).
Have I Been Pwned later listed the Sysco incident as a June 2026 breach and said published data contained 2.7 million unique email addresses belonging to staff and customers. HIBP characterized the exposed data as largely corporate contact information, including names, phone numbers, physical addresses, internal job titles, usernames, employers, and customer feedback (haveibeenpwned.com).
leaksear.ch indexes 7.7 million records from the published SYSCO ShinyHunters dataset and records the source as Salesforce-related data from the June 2026 campaign (leaksear.ch metadata). The larger 61 million figure remains a threat-actor claim reported by Cybernews, while the 2.7 million unique email count is the figure published by Have I Been Pwned.
What data was exposed
The indexed records include customer and employee contact data such as email addresses, usernames, names, phone numbers, physical addresses, job and employer details, customer feedback, vehicle identifiers, and internal source context (leaksear.ch metadata). Searchable fields in the leaksear.ch index are address, country, date of birth, email, IP address, name, phone, username, and VIN (leaksear.ch metadata).
Additional stored context fields include source file, source payload, source row, and source table metadata. These fields help describe how records appeared in the dataset, but they are not direct search pivots on leaksear.ch (leaksear.ch metadata).
Why this matters
The exposed fields are useful for phishing, business email compromise pretexting, customer impersonation, and targeted scams because they combine contact details with workplace and customer context. For Sysco customers, staff, and business contacts, the presence of names, emails, phone numbers, addresses, usernames, and VINs may help attackers tailor messages that appear operational or vendor-related. Security teams should watch for Sysco-themed lures, credential harvesting attempts, and unusual account activity tied to exposed contact points. If you may have worked for Sysco, done business with Sysco, or used a Sysco-linked account, check whether your email address, phone number, username, name, address, IP address, date of birth, country, or VIN appears in this leak.
Check your exposure
Vetted researchers and incident-response teams can request access, or sign in if they already have access, to check this dataset. Searchable pivots for this leak include address, country, date of birth, email, IP address, name, phone, username, and VIN.