"Panda Restaurant Group, the parent company overseeing popular chains such as Panda Express, Panda Inn, and Hibachi-San, has revealed a data breach following a breach of its corporate systems in March. This breach resulted in the unauthorized access and theft of personal information belonging to an undisclosed number of associates.
Panda Express, known as the largest Chinese fast-food chain in the United States, generating over $3 billion in sales annually and employing approximately 47,000 associates across its 2,300 branches, remained unaffected by the breach, with in-store systems, operations, and guest experiences remaining intact.
A spokesperson from the company assured that the breach solely impacted current and former associate data, with no guest information involved. Promptly upon discovery, Panda took swift action to secure its environment, engage in remediation and recovery efforts, and collaborate with third-party cybersecurity experts and law enforcement agencies to investigate the breach's scope and nature.
Following a comprehensive investigation, Panda determined that unauthorized access occurred between March 7-11, 2024, prompting the notification of affected individuals. The breached data, as outlined in notification letters sent to impacted parties and reported to the Office of the Maine Attorney General, included names or other personal identifiers alongside driver's license numbers or non-driver identification card numbers.
Despite ongoing efforts, Panda has yet to disclose the precise number of individuals affected by the breach, continuing to cooperate with law enforcement in their active investigation into the responsible unauthorized actor. Additionally, the company has implemented further technical safeguards to fortify the security of stored information and prevent similar incidents in the future.
Requests for additional details, including the total number of affected individuals and any potential ransom demands from the attackers, remain unanswered by Panda Restaurant Group at the time of reporting."
