Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San, has experienced a significant data breach that targeted its corporate systems in March. The breach resulted in the theft of personal information of an undisclosed number of employees but notably did not affect any guest data or in-store systems and operations. The breach was first detected on March 10, 2024, and primarily involved the data of current and former associates. In response, Panda Restaurant Group secured its systems and began remediation efforts while also engaging with third-party cybersecurity experts and law enforcement to investigate the incident.
The company confirmed that the breach occurred over a period from March 7 to March 11, 2024, during which unauthorized access was gained to its corporate systems. Following the breach, Panda Restaurant Group undertook a detailed investigation to understand the extent of the intrusion and the specific data that was compromised. On April 15, after a thorough review, the company concluded that personal information including names, driver’s license numbers, and non-driver identification card numbers of certain individuals were involved. This information has been communicated to the affected parties through notification letters.
In the wake of the breach, Panda Restaurant Group has not disclosed the exact number of individuals affected but has filed a report with the Office of the Maine Attorney General, outlining the nature of the compromised data. The company has emphasized that there has been no impact on guest data and that the integrity of in-store operations remains intact. This is an ongoing situation, with law enforcement actively investigating the unauthorized access and the actors behind it.
To prevent future incidents, Panda Restaurant Group has implemented additional technical safeguards aimed at enhancing the security of the information it holds. These measures are part of a broader strategy to fortify their systems against similar breaches. The company continues to work closely with cybersecurity professionals to ensure the effectiveness of these new security measures and to safeguard the personal information of its associates and customers.
