Three months after Panera Bread experienced a massive systemwide tech outage in March that was widely speculated to be the result of a cybersecurity breach, the company began informing staff that personal employee data had been leaked. According to some employees posting on the Panera subreddit, a not insignificant number of employees allegedly had their social security numbers leaked.
As a result, a former Panera employee has filed a proposed class action lawsuit — with a potential class of up to 100 current and former employees — against the company for its “failure to protect highly sensitive data.” The lawsuit, filed in the Eastern District of Missouri by a former employee of Panera who worked there from 2022 to 2024, claims that Panera “failed to adequately train its employees on cybersecurity and failed to maintain reasonable security safeguards or protocols to protect [its employees].” Furthermore, the lawsuit takes issue with the fact that Panera “waited a full 86 days” after the breach was discovered to notify affected employees.
The lawsuit states that Panera did inform affected employees that, “the data breach created a present, continuing, and significant risk of suffering identity theft” and suggested that employees remain vigilant for instances of suspected identity theft. Employees who received a letter have stated that Panera is offering a year of a free credit monitoring service to keep an eye on the security of their personal data. Since the breach, the lawsuit states that Panera claims it has “taken steps to further enhance existing security measures,” though no further details have been released.
The plaintiff is asking that the court grant the request for a class action lawsuit, and award the class, “applicable compensatory, exemplary, punitive damages, and statutory damages,” as a result of the damage caused by the data leak.
Nation’s Restaurant News has reached out to Panera for comment.
Contact Joanna at [email protected]