Panera Bread, the US fast-casual food chain, has begun notifying its employees of a data breach, after a “security incident” in March led to threat actors stealing employees’ personal information.

In breach notification letters filed with the Office of California’s Attorney General, Panera informs affected individuals that a cybersecurity firm was brought in to investigate the unauthorized access to internal files and, after the files were reviewed, determined that they contained names and Social Security numbers. Not only that, but additional information connected to the individuals’ employment could have also been in the files.

Panera said that while there is no indication that “information has been accessed and been made publicly available,” it is offering a one-year membership to CyEx’s credit monitoring, identity detection, and resolution of identity theft service. It also notes that it has taken additional steps to enhance its security safety measures.

Though Panera has failed to provide more detail as to what kind of breach occurred and who the threat actors are, some researchers have raised suspicions that the company was hit by a ransomware attack that caused the initial outage in its ordering system, mobile apps, and loyalty program in March. 

The company urges individuals to be vigilant of attempted fraud or identity theft and to review account statements often.

Source: www.darkreading.com