Threat Actor: Unknown | Unknown
Victim: Panda Restaurant Group | Panda Restaurant Group
Price: Not mentioned
Exfiltrated Data Type: Personal information (associates’ first and last names, Driver’s License Number or Non-Driver Identification Card Number)
Additional Information :
- The data breach occurred in March 2024.
- The breach impacted some corporate systems but did not affect in-store systems, operations, or guest experience.
- Panda Restaurant Group took immediate action to secure its infrastructure and investigate the breach with the help of third-party cybersecurity specialists.
- Exposed information included associates’ personal identifiers in combination with Driver’s License Number or Non-Driver Identification Card Number.
- No evidence of misuse of the information involved in the breach.
- Panda Restaurant Group is offering impacted individuals a complimentary 12/24-month membership of CyEx’s Identity Defense Total – 3 Bureau credit monitoring and identity protection services.
- The company recommends impacted individuals to regularly check their credit reports and account statements for any signs of suspicious activity or errors.
Panda Restaurant Group disclosed a data breach that occurred in March, resulting in the theft of personal information belonging to its associates.
Panda Restaurant Group, Inc. is the parent company of Panda Inn, Panda Express and Hibachi-San. Panda Express is the largest Asian-American restaurant chain in the United States, with 2,200 branches and over $3 billion in sales.
Panda Express has approximately 47,000 associates in its branches.
The company discovered the security breach on March 10, 2024, the attack impacted some corporate systems. The incident did not impact the company’s in-store systems, operations or guest experience.
Panda Restaurant Group took immediate action to respond to the incident by securing its infrastructure and investigate the scope of the security breach with the help of third-party cybersecurity specialists.
“After a thorough investigation, we determined that certain information maintained on our corporate systems was accessed by the unauthorized actor between March 7-11, 2024. With the support of third-party experts, we then began a thorough review of the data affected to identify the specific information and individuals impacted.” reads the Breach Notification sent to the impacted individuals. “On April 15, we concluded our review of impacted data and determined that your personal information was involved.”
Exposed information included associates’ first and last names, and other personal identifiers in combination with Driver’s License Number or Non-Driver Identification Card Number. The company has no evidence of misuse of information involved in this incident.
Panda Restaurant is offering impacted individuals a complimentary <<12/24>>-month membership of CyEx’s Identity Defense Total – 3 Bureau credit monitoring and identity protection services.
The company also recommends individuals to stay vigilant for identity theft and fraud by routinely checking their credit reports and account statements for any signs of suspicious activity or errors.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Panda Restaurant Group)
Original Source: https://securityaffairs.com/162633/data-breach/panda-restaurant-group-data-breach.html