What Happened in the Baker Distributing Data Breach?
Baker Distributing Company, a wholesale distributor of HVAC/R equipment and parts, is the latest victim in a wave of extortion attacks tied to the ShinyHunters group. In May 2026, the company’s name appeared on the group’s dark web “pay or leak” site. This is where cybercriminals list victims and threaten to publish stolen files unless a ransom is paid.
According to available details, the attackers claimed to have pulled data from Baker Distributing’s SharePoint and Salesforce systems. In early June, ShinyHunters followed through on its threat and posted the data publicly. The leaked files reportedly included roughly 103,000 unique email addresses, along with names, physical addresses, phone numbers, and support tickets tied to the company’s HVAC contractor customers.
Because this incident stems from a known extortion campaign, the breach was discovered through the group’s own public listing rather than an internal security alert. As a result, the timeline of when the intrusion actually began has not been publicly disclosed. Forensic details about how attackers first gained access to Baker Distributing’s SharePoint and Salesforce environments also remain unclear at this time.
Given that ShinyHunters has targeted numerous Salesforce-integrated organizations in recent extortion campaigns, this incident fits a broader pattern. However, Baker Distributing has not yet released a detailed public statement explaining the specific attack vector used against its systems.
Who was affected?
The individuals affected by this breach appear to be primarily HVAC contractor customers who interacted with Baker Distributing’s business systems. Because the stolen data includes support tickets, it seems likely that customers who contacted the company for service or product assistance are among those impacted.
The leaked data reportedly covers about 103,000 unique email addresses. However, the exact number of individuals affected has not been publicly disclosed, since one person could have multiple associated records or tickets. The scope appears to be commercial in nature, primarily involving business contacts rather than general consumers.
There is no indication in available information that employee records or highly sensitive personal data, such as Social Security numbers, were part of this leak. Still, anyone who has done business with Baker Distributing, particularly HVAC contractors, should consider themselves potentially affected until more information becomes available.
What Information Was Potentially Exposed?
The data published by ShinyHunters appears to be largely corporate contact and customer support information. While this is a lower-sensitivity data set compared to breaches involving financial or health records, it still carries real risk for those affected.
- Email addresses
- Names
- Phone numbers
- Physical addresses
- Support tickets
Because this combination of information includes direct contact details, it can be used to craft convincing phishing emails or scam calls. For example, a scammer could reference a real support ticket to make a fraudulent message appear legitimate. This tactic, sometimes called pretexting, relies on small details to build trust before requesting sensitive information or payment.
In addition, exposed physical addresses and phone numbers can be combined with other publicly available data to build a fuller profile of a person or business. This increases the risk of targeted scams, unwanted solicitation, or even mail-based fraud schemes. Although this breach does not appear to include financial account numbers or Social Security numbers, affected individuals should still stay alert.
What is the company doing?
At this time, specific details about Baker Distributing’s formal response have not been publicly disclosed. However, the fact that the data has already been published suggests the company either declined to pay the ransom or negotiations did not result in preventing the leak.
Organizations facing this type of extortion attempt typically begin an internal investigation to determine the scope of compromised systems. This often includes working with cybersecurity forensic specialists to secure affected platforms, such as SharePoint and Salesforce, and to determine how attackers gained entry in the first place.
As more information becomes available, affected individuals should watch for official communication from Baker Distributing regarding notification steps or any protective services being offered. Because this incident involves a third-party extortion group publishing stolen files, ongoing monitoring by the company for further leaks is also likely.
What Should Affected Individuals Do?
Monitor for Phishing and Suspicious Contact
Because email addresses, names, and phone numbers were exposed, affected individuals should watch closely for phishing emails, spam calls, or text messages. Scammers often use breached data to impersonate trusted companies or reference real support interactions to appear credible.
If you receive an unexpected message referencing a Baker Distributing support ticket or account, avoid clicking on links or providing personal details. Instead, contact the company directly using a verified phone number or website to confirm the request is legitimate.
Be Wary of Targeted Scam Calls
Since phone numbers and physical addresses were part of the leaked data, some individuals may receive scam calls that reference their real contact information. This can make fraudulent calls seem more convincing than a typical robocall.
As a result, it’s wise to treat unsolicited calls with caution, even if the caller seems to know personal details. Never share payment information or sensitive data over the phone unless you initiated the call yourself.
Monitor Your Accounts and Credit Reports
Even though this breach does not appear to include financial account numbers, it’s still smart to periodically check your credit reports for unusual activity. Identity thieves sometimes combine leaked contact information with data from other breaches to attempt fraud.
You can request free credit reports annually from major credit bureaus. In addition, setting up account alerts for unusual login attempts or changes can help you catch suspicious activity early.
Consult a Data Breach Attorney if Concerned
If you believe you were affected by this breach and are worried about how your information might be used, consider speaking with a data breach attorney. They can help you understand your rights and whether you may be eligible for compensation.
Because class action lawsuits sometimes follow large-scale data breaches, an attorney can also advise you on any deadlines that may apply. A free consultation is typically available and can provide peace of mind while you assess your risk.
