The Baker Distributing data breach exposed 102,935 records including Email addresses, Names, Phone numbers, Physical addresses, Support tickets. This breach has been verified by HaveIBeenPwned. Affected users should check HaveIBeenPwned.com and take immediate steps to protect their accounts.
What Happened
In May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site. In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and Salesforce infrastructure including 103k unique email addresses along with names, physical addresses, phone numbers and tickets relating to the company's HVAC contractor customer base. The exposed data was largely corporate contact and support information with limited sensitivity.
- Breach date
- 2026-05-23
- Records affected
- 102,935
- Verified
- Yes
- Domain
- bakerdist.com
What Was Exposed
The following data types were included in the breach:
- Email addresses
- Names
- Phone numbers
- Physical addresses
- Support tickets
What You Should Do
If you had an account with Baker Distributing, take these steps immediately:
- Check if your account was affected at HaveIBeenPwned.com
- Watch for phishing emails that reference the breach or impersonate the affected company
- Be alert for social engineering attempts using your exposed personal information
- Enable two-factor authentication on the affected service if available
- Consider using a password manager to generate unique passwords for each service
FAQ
Was my data in the Baker Distributing breach?
What should I do if my data was exposed in the Baker Distributing breach?
When did the Baker Distributing data breach happen?
Need Incident Response?
Sherlock Forensics investigates data breaches for organizations. We determine scope of exposure, identify attack vectors, preserve evidence for legal proceedings and help you meet notification requirements.
Get Incident Response Help