ShinyHunters has added Sysco Corporation to its extortion portal, claiming to have compromised more than 61 million Salesforce records containing customer information, employee data, and internal corporate records.
The claim was published as part of a new wave of listings that appeared on the group’s leak site and includes a demand for contact before a stated deadline of June 18, 2026.
The allegations remain unverified. BreachNews has not independently verified the authenticity of the claimed data, nor confirmed that any records originated from Sysco systems.
Sysco is one of the world’s largest food distribution companies, serving restaurants, healthcare facilities, educational institutions, hospitality providers, and other organizations across North America and international markets.
Large Salesforce dataset allegedly compromised
According to the listing, the alleged breach involves more than 61 million records stored across multiple Salesforce tables.
The group claims some of the records contain customer information, employee data, and internal corporate records. No technical details regarding the alleged intrusion were provided.
The listing does not specify whether the data originated from a direct compromise of Salesforce infrastructure, a third-party integration, credential theft, or access to a customer-managed Salesforce environment.
At the time of publication, no sample files had been publicly released by the group.
Part of broader extortion activity
Sysco joins a growing list of organizations recently added to the ShinyHunters leak site. Earlier this week, the group threatened several high-profile organizations with public data releases in what appears to be an expanding extortion campaign.
BreachNews recently reported on additional alleged victims including the Council of Europe, American Tower, JCPenney, Madison Square Garden Sports, Ralph Lauren, and Nexstar in a separate roundup of leak site activity.
The group is using a familiar extortion strategy, publishing alleged victim names and data descriptions while issuing public deadlines intended to pressure organizations into negotiations.
The posting warns that data could be released publicly if contact is not established before the stated deadline.
Company has not issued public statement
Because the claims originate solely from the threat group’s leak site, the scope and authenticity of the alleged compromise remain unclear.
At the time of publication, Sysco had not issued any public statement addressing the claims.
BreachNews will update this article if Sysco confirms an incident or additional evidence emerges regarding the alleged exposure.
