U.S. meals chain big Panera Bread is notifying workers of a data breach after unknown menace actors stole their delicate private data in a March ransomware assault.
The corporate and its franchises personal 2,160 cafes beneath the names Panera Bread or Saint Louis Bread Co, unfold throughout 48 states within the U.S. and Ontario, Canada.
In breach notification letters filed with the Workplace of California’s Lawyer Normal, Panera stated it detected what it describes as a “security incident,” took measures to comprise the breach, employed exterior cybersecurity consultants to research the incident, and notified legislation enforcement.
“The information concerned had been reviewed, and on Might 16, 2024, we decided {that a} file contained your identify and Social Safety quantity,” the corporate stated [PDF].
“Different data you supplied in connection along with your employment may have been within the information concerned. As of the date of mailing of this letter, there isn’t any indication that the data accessed has been made publicly obtainable.”
Panera says it’s going to present these affected by this data breach with a one-year membership to CyEx’s Id Protection Complete, which incorporates credit score monitoring, id detection, and id theft decision.
The corporate has but to publicly disclose the variety of workers impacted, the menace actor behind the assault, and the character of the incident.
Breached in a ransomware assault, inflicting a week-long outage
Whereas the meals big has but to substantiate this publicly, BleepingComputer reported in early April that a lot of Panera’s digital machine techniques had been encrypted in a ransomware assault.
Because of this breach, Panera suffered a large outage that affected its inside IT techniques, telephones, level of gross sales system, web site, and cell apps.
Throughout this widespread system outage, workers couldn’t entry their shift particulars and needed to contact their managers to study work schedules.
Shops had been additionally unable to course of digital funds and needed to settle for money solely, whereas reward program techniques had been down, stopping members from redeeming their factors.
Nevertheless, it is unclear which ransomware operation was behind the March breach, as none have claimed accountability. This means that the menace actors are both ready for a ransom fee or have already obtained it.
Panera has not responded to a number of requests for remark from BleepingComputer concerning the outage and the March ransomware assault.