June 17, 2024
Panera Bread, an American chain of fast food restaurants, most likely paid a ransom after being hit by a ransomware attack, suggests language used an internal email sent to employees.
Last week, Panera began sending data breach notifications to employees, warning that threat actors stole personal information in a March cyberattack that included names and social security numbers.
While Panera has not publicly disclosed details about their attack, BleepingComputer first reported that Panera Bread suffered a ransomware attack that encrypted all of its virtual machines.
The attack led to a week-long, company-wide disruption that affected their website, phone systems, mobile app, point-of-sale, and internal systems.
BleepingComputer later learned that one of their storage servers was not encrypted in the attack, allowing the company to rebuild and restore servers from backups.
However, no ransomware gang ever claimed the attack or leaked stolen data, indicating that a ransom was paid.
Just as the data breach notifications were being emailed on Thursday, an alleged employee claimed on Reddit that Panera paid a ransom to have the hackers delete the stolen data and avoid a public leak.
