Image: Coolcaesar (CC BY-SA 4.0)
Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San, disclosed a data breach after attackers compromised its corporate systems in March and stole the personal information of an undisclosed number of individuals.
Panda Express is the largest Chinese fast food chain in the United States, with over $3 billion in sales and 47,000 associates working in 2,300 branches.
The company discovered a data security breach on March 10, 2024, which affected some of its corporate systems but left in-store systems, operations, and guest experience unaffected.
As soon as it detected the incident, Panda secured its environment, activated remediation and recovery efforts, and initiated a thorough investigation in collaboration with third-party cybersecurity experts and law enforcement agencies to establish the nature and extent of the breach.
"After a thorough investigation, we determined that certain information maintained on our corporate systems was accessed by the unauthorized actor between March 7-11, 2024," Panda said in notification letters sent to affected individuals.
"With the support of third-party experts, we then began a thorough review of the data affected to identify the specific information and individuals impacted. On April 15, we concluded our review of impacted data and determined that your personal information was involved."
Unknown number of affected people
According to information filed with the Office of the Maine Attorney General, information exposed in the attack includes affected peoples' names or other personal identifiers and their driver's license numbers or non-driver identification card numbers.
Panda has yet to disclose the total number of individuals whose personal information was accessed or stolen in the incident and if they're customers, employees, or both.
"We continue to work with law enforcement who are conducting an active investigation into the unauthorized actor responsible for this incident," the company added.
"Panda also implemented additional technical safeguards to further enhance the security of information in our possession and to help prevent similar events from happening in the future."
When contacted by BleepingComputer earlier today, a Panda Restaurant Group spokesperson was not immediately available to provide additional details regarding the incident.
