Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Panera warns employees their data may have been leaked following cyberattack

Security.

Panera Bread has confirmed suffering a ransomware attack earlier this year. 

The company sent out a data breach notification letter to affected customers earlier this week, confirming some sensitive customer information was stolen from company servers.

As per the notification letter, the company discovered the attack on March 23, 2024, after which it brought in a third-party cybersecurity firm to remedy the problem and investigate the incident. The company also notified the police, it said.

Identity theft monitoring

Almost two months later, in mid-May 2024, the researchers concluded their investigation and confirmed that people’s names, as well as Social Security Numbers (SSN), were stolen in the attack. 

“Other information you provided in connection with your employment could have been in the files involved,” Panera said. 

Other details are unknown at this time. We have reached out to Panera to learn who the threat actors were, how many people were affected by the incident, and how much money the attackers demanded in exchange for the decryption key and keeping the data private. 

Panera says that so far there is no evidence of the stolen information being released anywhere online. Given how the letter is worded, it could be that Panera expects the data to leak, which could happen in case it declined to pay the ransom. 

Affected customers received a year-long membership to CyEx’s Identity Defense Total, a product that offers credit monitoring, identity detection and resolution of identity theft.

“Enrolling in this program will not hurt your credit score,” Panera concluded.

The ransomware attack was disruptive enough to draw the attention of the media. In early April, BleepingComputer reported that the Panera incident affected its internal IT systems, phones, point of sales system, website, and mobile apps. In fact, while the attack was ongoing, employees could not access their shift details, and were forced to accept cash only.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.