Panera LLC is facing a proposed class-action lawsuit from former and current employees following a data breach that exposed employee information in the first quarter of 2024, as detailed in a complaint filed on June 24 in the U.S. District Court for the Western District of Missouri. The lawsuit, Hollis v. Panera, LLC, alleges that Panera failed to adequately secure personally identifiable information, including Social Security numbers, leading to the unauthorized exposure of employee data. The breach came to light after a systemwide tech outage in March, which was suspected to be a cybersecurity incident, and was officially disclosed to staff in mid-June.
The complaint contends that Panera neglected to implement necessary security safeguards such as encryption or redaction of sensitive data and failed to provide adequate cybersecurity training to its employees. Additionally, the lawsuit criticizes the company for delaying notification to affected employees by nearly three months. Panera has responded by offering affected employees one year of credit monitoring to mitigate potential identity theft risks.
In seeking class-action status, the plaintiff requests damages and calls for Panera to institute a comprehensive security program that includes data encryption and robust employee training on cybersecurity practices. As cybersecurity threats continue to evolve, HR leaders are increasingly advised to collaborate with legal, IT, and information security teams to enhance data protection measures, implement training initiatives, and ensure timely communication with employees regarding cybersecurity updates and protocols.