Panda Restaurant Group disclosed a data breach that occurred in March, resulting in the theft of personal information belonging to its associates.
Panda Restaurant Group, Inc. is the parent company of Panda Inn, Panda Express and Hibachi-San. Panda Express is the largest Asian-American restaurant chain in the United States, with 2,200 branches and over $3 billion in sales.
Panda Express has approximately 47,000 associates in its branches.
The company discovered the security breach on March 10, 2024, the attack impacted some corporate systems. The incident did not impact the company’s in-store systems, operations or guest experience.
Panda Restaurant Group took immediate action to respond to the incident by securing its infrastructure and investigate the scope of the security breach with the help of third-party cybersecurity specialists.
“After a thorough investigation, we determined that certain information maintained on our corporate systems was accessed by the unauthorized actor between March 7-11, 2024. With the support of third-party experts, we then began a thorough review of the data affected to identify the specific information and individuals impacted.” reads the Breach Notification sent to the impacted individuals. “On April 15, we concluded our review of impacted data and determined that your personal information was involved.”
Exposed information included associates’ first and last names, and other personal identifiers in combination with Driver’s License Number or Non-Driver Identification Card Number. The company has no evidence of misuse of information involved in this incident.
Panda Restaurant is offering impacted individuals a complimentary <<12/24>>-month membership of CyEx’s Identity Defense Total – 3 Bureau credit monitoring and identity protection services.
The company also recommends individuals to stay vigilant for identity theft and fraud by routinely checking their credit reports and account statements for any signs of suspicious activity or errors.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Panda Restaurant Group)