Now we know what happened to Panera Bread

Posted by brilokuloj on Jul 22, 2024

Four months ago, I asked the question burning a hole in my head: what is happening to Panera Bread? Well, folks, the truth is finally out – it’s everything we could have imagined and then some.

In June, a now-anonymous Redditor published a post titled “Panera Leaked All Its Employees Data”, finally confirming the predominant theory that the total server outage in March was the result of a ransomware attack.

Transcription of the attached screenshot of an email from corporate:

Transcript

Team Panera,

We wanted to make you aware that on June 13, 2024. we will be mailing notification letters regarding a recent security incident. The letter will explain that on March 23, we detected and promptly took measures to address a security incident that involved unauthorized access to our network on that same day. A cybersecurity firm was engaged to investigate the matter. Law enforcement was also notified. Following a thorough investigation, we identified unauthorized access to internal files. The files are being reviewed. We recently learned that some of the files contained personal information regarding employees, and we are notifying those employees.

The letter the notified employees will receive will provide them with details of the personal information that was accessed. We are providing the notified employees with the option to sign-up for a membership of a credit monitoring and identity management service, free of charge. Information on how to sign up will be included in the letter. Please note that we obtained assurances that the information involved was deleted and will not be published. As of now, there is no indication that the information accessed has been made publicly available. If you have any questions, please call the dedicated call center at 888-498-7142 which is now live. Individuals will be available to answer your questions Monday through Friday 9am — 9pm Eastern Time.

We regret that this incident occurred and apologize for any inconvenience. We take these matters seriously and are committed to reviewing and enhancing our existing security measures.

We greatly appreciate your understanding and patience throughout this process.

Sincerely,

KJ Payette
Senior Vice President & Chief People Officer

A month later, Panera would continue to dig their hole deeper in a paywalled interview. If we’re to take this Reddit post (by Silvawuff, a moderator of r/Panera and prominent pro-union poster) at face value, Debbie Roberts (the executive vice president of Panera) allegedly responded to an inquiry about the data breach by immediately redirecting the discussion onto the company’s new “Chicken Bacon Rancher”.

LJ: It was recently reported that in March, there was a significant data breach that revealed sensitive employee information. What measures is Panera taking in response to protect its workers?

Debbie: Security is a top priority for us, and we’re taking substantial steps to strengthen our systems and protect our employees and team members’ information. However, I’d love to shift focus to our new offerings—have you had a chance to try our Chicken Bacon Rancher? It’s quickly becoming a new fave.

In a now-deleted comment on Panera Leaked All Its Employees Data, an anonymous Redditor came forward with allegations that corporate had been not only directly lying to them, but also encouraging them to perpetuate this lie to workers further down the line:

Yeah we were all told specifically to deny to everyone including Cafes that any data was breached or anything hacking related happened - they told us to make sure they did not think this and then assured us it was hardware related. The only reason we believed them was because of the massive lay offs we had at a corporate level so people assumed some generational knowledge on building the infrastructure was lost

Employees who quit – as long ago as 2021, possibly longer – have been receiving letters in the physical mail informing them of the data breach. Nobody has confirmed a cutoff point. It’s hard to say if we’ll ever find out where it ends, given that former workers from before 2020 are unlikely to still be reading the subreddit.

Another comment brought to my attention that Panda Express also had a data breach in March 2024, only a few weeks before Panera’s. It’s impossible to say if these were connected in any way, given that neither restaurant is going to come forward with any more information about it, but it is a worrying omen.

On the bright side for the working class, Panera is now once again knee-deep in class action lawsuits. At least nine of them!

Categories: food

Tagged: panera bread cybersecurity fast food 2024 reddit