Security Affairs
U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Panda Restaurant Group disclosed a data breach

Panda Restaurant Group disclosed a data breach that occurred in March, resulting in the theft of associates’ personal information. Panda Restaurant Group disclosed a data breach that occurred in March, resulting in the theft of personal information belonging to its associates. Panda Restaurant Group, Inc. is the parent company of Panda Inn, Panda Express and […]

Panda Restaurant Group

Hells Kitchen, NYC

Panda Restaurant Group disclosed a data breach that occurred in March, resulting in the theft of associates’ personal information.

Panda Restaurant Group disclosed a data breach that occurred in March, resulting in the theft of personal information belonging to its associates.

Panda Restaurant Group, Inc. is the parent company of Panda Inn, Panda Express and Hibachi-San. Panda Express is the largest Asian-American restaurant chain in the United States, with 2,200 branches and over $3 billion in sales.

Panda Express has approximately 47,000 associates in its branches.

The company discovered the security breach on March 10, 2024, the attack impacted some corporate systems. The incident did not impact the company’s in-store systems, operations or guest experience.

Panda Restaurant Group took immediate action to respond to the incident by securing its infrastructure and investigate the scope of the security breach with the help of third-party cybersecurity specialists.

“After a thorough investigation, we determined that certain information maintained on our corporate systems was accessed by the unauthorized actor between March 7-11, 2024. With the support of third-party experts, we then began a thorough review of the data affected to identify the specific information and individuals impacted.” reads the Breach Notification sent to the impacted individuals. “On April 15, we concluded our review of impacted data and determined that your personal information was involved.”

Exposed information included associates’ first and last names, and other personal identifiers in combination with Driver’s License Number or Non-Driver Identification Card Number. The company has no evidence of misuse of information involved in this incident.

Panda Restaurant is offering impacted individuals a complimentary <<12/24>>-month membership of CyEx’s Identity Defense Total – 3 Bureau credit monitoring and identity protection services.

The company also recommends individuals to stay vigilant for identity theft and fraud by routinely checking their credit reports and account statements for any signs of suspicious activity or errors.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Panda Restaurant Group)