Industry - Data Breach
Executive Summary
HVAC/R wholesale distributor Baker Distributing Company suffered a data breach in May 2025 when the ShinyHunters extortion group extracted data from the company's SharePoint and Salesforce systems, exposing information from approximately 103,000 accounts. The leaked data included email addresses, names, physical addresses, phone numbers, and customer support tickets related to Baker's HVAC contractor customer base. While the exposed information was primarily corporate contact and support data...
What Happened
In May 2025, the ShinyHunters extortion group extracted data from Baker Distributing Company's SharePoint and Salesforce systems and publicly released it in early June 2026 after adding the company to their 'pay or leak' site. The breach exposed information from approximately 103,000 accounts, including email addresses, names, physical addresses, phone numbers, and customer support tickets related to Baker's HVAC contractor customer base. The compromised data consisted primarily of corporate contact information and support records rather than highly sensitive personal or financial data.
Who Is Affected
Approximately 103,000 individuals are affected, primarily HVAC contractors and business customers who had accounts or support interactions with Baker Distributing Company. The exposed information includes their business and potentially personal contact details such as email addresses, names, phone numbers, and physical addresses, along with records of their customer support communications with the company.
Why It Matters
This incident demonstrates the ongoing threat from organized extortion groups like ShinyHunters who target corporate cloud infrastructure including widely-used business platforms like SharePoint and Salesforce. While the exposed data was characterized as having limited sensitivity, the combination of contact information and support ticket details could enable targeted phishing attacks, social engineering schemes, or business email compromise attempts against the affected contractors and their companies.
What You Should Do
If you are a Baker Distributing customer or contractor, monitor your email for suspicious messages or phishing attempts that reference your business relationship with Baker or details from support interactions. Enable two-factor authentication on all business accounts, particularly email and cloud service accounts, to add protection against unauthorized access. Be cautious of unsolicited communications claiming to be from Baker Distributing or related vendors, and verify any requests through known official channels before responding or providing additional information.
Summary generated from verified sources and reviewed before publication. How we summarize.