Panera Bread paid a ransom to prevent data release, employee claims

American fast food restaurant chain Panera Bread most likely paid a ransom to prevent hackers from publishing the data they stole from its network earlier this year.

 

Panera Bread recently disclosed that it detected suspicious activities in its internal network on March 23 and immediately launched an internal investigation, with assistance from external cyber security experts, to determine the notice and scope of the incident.

 

The company said it also took necessary measures to address the incident and notified law enforcement about the same.

 

The investigation revealed that sensitive personal information of its employees was accessed by the threat actor. The compromised data included employees’ names and Social Security numbers and other information provided to the company in connection with their employment.

 

Last week, the company started notifying its employees about the data security incident. Soon after the letters were mailed, an employee revealed on social media that Panera paid a ransom to the threat actors to avoid public leak of the stolen data.

 

“This probably will not make it far but just got out of a corporate meeting where they broke to us that all our data has been stolen since March and they paid the hackers to "not release" its employees data,” the employee said on Reddit.

 

The employee also shared a copy of the email where Panera Senior Vice President KJ Payette said, “Please note that we obtained assurances that the information involved was deleted and will not be published. As of now, there is no indication that the information accessed has been made publicly available.”

 

The fact that no ransomware group claimed responsibility for the cyber attack on Panera Bread and the email shared by Senior Vice President Payette indicates that the company likely paid a ransom to the threat actors who infiltrated its internal network.