U.S. meals chain big Panera Bread is notifying staff of a knowledge breach after unknown menace actors stole their delicate private info in a March ransomware assault.
The corporate and its franchises personal 2,160 cafes underneath the names Panera Bread or Saint Louis Bread Co, unfold throughout 48 states within the U.S. and Ontario, Canada.
In breach notification letters filed with the Workplace of California’s Lawyer Basic, Panera mentioned it detected what it describes as a “security incident,” took measures to include the breach, employed exterior cybersecurity consultants to research the incident, and notified legislation enforcement.
“The files involved were reviewed, and on May 16, 2024, we determined that a file contained your name and Social Security number,” the corporate mentioned [PDF].
“Other information you provided in connection with your employment could have been in the files involved. As of the date of mailing of this letter, there is no indication that the information accessed has been made publicly available.”
Panera says it would present these affected by this knowledge breach with a one-year membership to CyEx’s Identification Protection Complete, which incorporates credit score monitoring, id detection, and id theft decision.
The corporate has but to publicly disclose the variety of staff impacted, the menace actor behind the assault, and the character of the incident.
Breached in a ransomware assault, inflicting a week-long outage
Whereas the meals big has but to verify this publicly, BleepingComputer reported in early April that lots of Panera’s digital machine methods have been encrypted in a ransomware assault.
On account of this breach, Panera suffered a large outage that affected its inner IT methods, telephones, level of gross sales system, web site, and cellular apps.
Throughout this widespread system outage, staff couldn’t entry their shift particulars and needed to contact their managers to study work schedules.
Shops have been additionally unable to course of digital funds and needed to settle for money solely, whereas reward program methods have been down, stopping members from redeeming their factors.
Nevertheless, it is unclear which ransomware operation was behind the March breach, as none have claimed duty. This suggests that the menace actors are both ready for a ransom cost or have already acquired it.
Panera has not responded to a number of requests for remark from BleepingComputer concerning the outage and the March ransomware assault.