Panera Bread says March cyber attack compromised employees' personal information

American fast food restaurant chain Panera Bread said that a data security incident it suffered in March this year compromised the sensitive personal information of its employees.

 

In a breach notification letter filed with the Office Attorney General of California, Panera Bread said that it detected suspicious activities in its internal network on March 23 and immediately launched an internal investigation, with assistance from external cyber security experts, to determine the notice and scope of the incident.

 

Furthermore, the company took necessary measures to address the incident and notified law enforcement about the same.

 

The investigation revealed that sensitive personal information of its employees was accessed by the threat actor. The compromised data included employees’ names and Social Security numbers and other information provided to the company in connection with their employment.

 

While Panera Bread found no evidence of the compromised information being misused or made publicly available, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through CyEx Identity Defense Total to all affected individuals.

 

Panera Bread’s data security incident caused a widespread outage across all of the bakery giant’s stores in the U.S. While the company kept the stores open, customers were limited to placing orders at the register as the cyber attack affected the digital kiosks within the stores.

 

While the company did not share details on the nature of the data security incident, it was reported that the threat actor who infiltrated the company’s website encrypted certain systems, indicating it could be a ransomware attack.