ISO 27001 Certificate
SOC 1 Type I Certificate
SOC 2 Type II Certificate
PCI DSS
HIPAA
RGPD
Internal validation & live display
Multiple badges & continuous verification
Faster underwriting decisions

Panera Bread Company CyberSecurity Posture

panerabread.com
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

Panera began in 1987 as St. Louis Bread Company, a humble community bakery founded with a sourdough starter from San Francisco and a dream of putting a loaf of bread in every arm. While our business has expanded well beyond St. Louis since then, that same sourdough starter is still used in our iconic sourdough bread and the craft of baking bread fresh each day remains at the heart of Panera Bread. Each day, our trained bakers fill our bakery shelves with delicious freshly baked cookies, pastries, bagels, and a range of breads from focaccia to classic baguettes. We believe in serving delicious, freshly prepared, clean food made with carefully selected ingredients that we are proud to serve our own families. Our menu, crafted by chefs and bakers, features classic, comforting dishes, each with an intriguing twist. We respect our planet and take measures to lessen our impacts. We believe in treating people with warmth, kindness, and respect, whether it’s a guest in our cafe or one of our associates. And we believe in helping our local communities, especially in times of need. We’re also focused on improving quality and convenience. With investments in technology and operations, we offer omni-channel access to your Panera favorites – like mobile ordering, catering, and Rapid Pick-Up® for to-go orders, Curbside pick-up and delivery – all designed to make things easier for our guests. Today, Panera operates as both Panera Bread® or Saint Louis Bread Co St. Louis Bread Company in 48 states, the District of Columbia and Canada. Panera Bread is privately held by JAB Holding Company. Panera Bread is part of Panera Brands, one of the largest fast-casual restaurant platforms in the U.S., comprised of Panera Bread®, Caribou Coffee® and Einstein Bros.® Bagels.

Panera Bread A.I CyberSecurity Scoring

AI scorePanera Bread Risk Score (AI oriented)

Between 650 and 699

https://images.rankiteo.com/companyimages/panera-bread.jpeg
Panera Bread Restaurants
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscorePanera Bread Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/panera-bread.jpeg
Panera Bread Restaurants
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Panera Bread Company CyberSecurity News & History

Past Incidents
4
Attack Types
3
EntityTypeSeverityImpactSeenBlog DetailsIncident DetailsView
Panera BreadBreach60404/2018
PAN2122261122
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants suffered a data breach incident. the breach compromised information including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number. The data was left exposed for at least eight months before it was yanked offline.

Panera BreadBreach8543/2024
PAN3962339111225
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: Panera Bread suffered a major data breach exposing sensitive customer information, including **Social Security numbers, addresses, birth dates, and passcodes**, from **73 million accounts** (current and former customers). The breach occurred in two phases: **March 30, 2024**, and **July 12, 2024**, with hackers downloading data from a third-party cloud platform and leaking it on the dark web. The incident led to consolidated state and federal lawsuits, alleging negligence in cybersecurity measures. Customers faced risks of identity theft, fraud, and financial losses, with compensation claims categorized into tiers: **up to $500 for ordinary losses (e.g., credit monitoring)**, **$2,500 for time spent resolving issues**, and **$6,500 for documented extraordinary losses**. The breach severely damaged customer trust and exposed the company to legal and reputational consequences.

Panera BreadData Leak85404/2018
PAN232315622
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: Panerabread.com leaked millions of customer records. It included names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number. The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com.

Panera, LLCRansomware10042/2024
PAN520072525
Rankiteo Explanation :
Attack with significant impact with customers data leaks

Description: The Washington State Office of the Attorney General reported that Panera, LLC experienced a cybersecurity incident on March 23, 2024, affecting approximately 811 Washington residents. The breach, identified as a ransomware attack, involved unauthorized access to files that included names and Social Security numbers.

Panera Bread
Breach
Severity: 60
Impact: 4
Seen: 04/2018
Blog:
PAN2122261122
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants suffered a data breach incident. the breach compromised information including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number. The data was left exposed for at least eight months before it was yanked offline.

Panera Bread
Breach
Severity: 85
Impact: 4
Seen: 3/2024
Blog:
PAN3962339111225
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Panera Bread suffered a major data breach exposing sensitive customer information, including **Social Security numbers, addresses, birth dates, and passcodes**, from **73 million accounts** (current and former customers). The breach occurred in two phases: **March 30, 2024**, and **July 12, 2024**, with hackers downloading data from a third-party cloud platform and leaking it on the dark web. The incident led to consolidated state and federal lawsuits, alleging negligence in cybersecurity measures. Customers faced risks of identity theft, fraud, and financial losses, with compensation claims categorized into tiers: **up to $500 for ordinary losses (e.g., credit monitoring)**, **$2,500 for time spent resolving issues**, and **$6,500 for documented extraordinary losses**. The breach severely damaged customer trust and exposed the company to legal and reputational consequences.

Panera Bread
Data Leak
Severity: 85
Impact: 4
Seen: 04/2018
Blog:
PAN232315622
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: Panerabread.com leaked millions of customer records. It included names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number. The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com.

Panera, LLC
Ransomware
Severity: 100
Impact: 4
Seen: 2/2024
Blog:
PAN520072525
Rankiteo Explanation
Attack with significant impact with customers data leaks

Description: The Washington State Office of the Attorney General reported that Panera, LLC experienced a cybersecurity incident on March 23, 2024, affecting approximately 811 Washington residents. The breach, identified as a ransomware attack, involved unauthorized access to files that included names and Social Security numbers.

Ailogo

Panera Bread Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

🔒
Incident Predictions locked
Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

🔒
A.I. Risk Score Predictions locked
Access Monitoring Plan
statics

Underwriter Stats for Panera Bread

Incidents vs Restaurants Industry Average (This Year)

No incidents recorded for Panera Bread in 2025.

Incidents vs All-Companies Average (This Year)

No incidents recorded for Panera Bread in 2025.

Incident Types Panera Bread vs Restaurants Industry Avg (This Year)

No incidents recorded for Panera Bread in 2025.

Incident History — Panera Bread (X = Date, Y = Severity)

Panera Bread cyber incidents detection timeline including parent company and subsidiaries

Panera Bread Company Subsidiaries

SubsidiaryImage

Panera began in 1987 as St. Louis Bread Company, a humble community bakery founded with a sourdough starter from San Francisco and a dream of putting a loaf of bread in every arm. While our business has expanded well beyond St. Louis since then, that same sourdough starter is still used in our iconic sourdough bread and the craft of baking bread fresh each day remains at the heart of Panera Bread. Each day, our trained bakers fill our bakery shelves with delicious freshly baked cookies, pastries, bagels, and a range of breads from focaccia to classic baguettes. We believe in serving delicious, freshly prepared, clean food made with carefully selected ingredients that we are proud to serve our own families. Our menu, crafted by chefs and bakers, features classic, comforting dishes, each with an intriguing twist. We respect our planet and take measures to lessen our impacts. We believe in treating people with warmth, kindness, and respect, whether it’s a guest in our cafe or one of our associates. And we believe in helping our local communities, especially in times of need. We’re also focused on improving quality and convenience. With investments in technology and operations, we offer omni-channel access to your Panera favorites – like mobile ordering, catering, and Rapid Pick-Up® for to-go orders, Curbside pick-up and delivery – all designed to make things easier for our guests. Today, Panera operates as both Panera Bread® or Saint Louis Bread Co St. Louis Bread Company in 48 states, the District of Columbia and Canada. Panera Bread is privately held by JAB Holding Company. Panera Bread is part of Panera Brands, one of the largest fast-casual restaurant platforms in the U.S., comprised of Panera Bread®, Caribou Coffee® and Einstein Bros.® Bagels.

similarCompanies

Panera Bread Similar Companies

Jimmy John's
jimmyjohns.com

THE SANDWICH OF SANDWICHES℠ At Jimmy John's, we don't make sandwiches. We make The Sandwich of Sandwiches℠. We use fresh vegetables because we don't hate salads, we just feel bad for them. We hand-slice our provolone cheese and meats in-house every day, because packaged pre-sliced meats doesn't ha

Security Report Compare
McDonald's
mcdonalds.com

McDonald’s is the world’s leading global foodservice retailer with over 37,000 locations in over 100 countries. More than 90% of McDonald’s restaurants worldwide are owned and operated by independent local business men and women. McDonald's & our franchisees employ 1.9 million people worldwide.

Security Report Compare
Taco Bell
tacobell.com

Taco Bell was born and raised in California and has been around since 1962. We went from selling everyone’s favorite Crunchy Tacos on the West Coast to a global brand with 8,200+ restaurants, 350 franchise organizations, that serve 42+ million fans each week around the globe. We’re not only the larg

Security Report Compare
Chipotle Mexican Grill
chipotle.com

Chipotle Mexican Grill, Inc. (NYSE: CMG) is cultivating a better world by serving responsibly sourced, classically-cooked, real food with wholesome ingredients without artificial colors, flavors or preservatives. Chipotle has over 3,250 restaurants in the United States, Canada, the United Kingdom, F

Security Report Compare
Five Guys Enterprises
fiveguys.com

History: *1986: The first Five Guys location opens in Arlington, VA. *1986 - 2001: Five Guys opens five locations around the DC metro-area and perfected their business of making burgers… and starts to build a cult-like following. * 2002: Five Guys decides DC metro-area residents shouldn't be the

Security Report Compare
Red Lobster
redlobster.com

With 58,000 employees and more than 700 restaurants in the United States and Canada, and a growing international presence, Red Lobster is the world’s largest seafood restaurant company. Our vision is to be where the world goes for seafood now and for generations. Red Lobster is an innovative, v

Security Report Compare
Raising Cane's Chicken Fingers
raisingcanes.com

Founded by Todd Graves in 1996 in Baton Rouge, La., RAISING CANE'S CHICKEN FINGERS has over 800 restaurants in 41 states, with many new restaurants under construction. The company has ONE LOVE®—craveable chicken finger meals—and is continually recognized for its unique business model and customer sa

Security Report Compare
Outback Steakhouse
outback.com

Made with an Australian flair, born under the Tampa sun. Outback Steakhouse is an Australian-inspired restaurant providing high quality delicious food with Aussie hospitality since 1988. Our success is based on our belief that if we take care of Our People, the institution of Outback will take care

Security Report Compare
Darden
darden.com

Darden’s family of restaurants features some of the most recognizable and successful brands in full-service dining — Olive Garden, LongHorn Steakhouse, Yard House, Ruth's Chris Steak House, Cheddar’s Scratch Kitchen, The Capital Grille, Chuy's, Seasons 52, Eddie V's and Bahama Breeze. We own and ope

Security Report Compare
newsone

Panera Bread CyberSecurity News

November 18, 2025 10:30 PM
After falling sales, Panera is getting an overhaul

Facing a drop in sales, Panera's changes include a menu refresh, adding new locations and bringing back some fan favorites.

Read Article
November 12, 2025 05:01 AM
Panera Bread Data Breach Settlement: Final Day to File Your Claim Arrives

Time is running out for millions of Panera Bread customers affected by a major data breach. Tuesday, November 11, is the final day to submit...

Read Article
November 11, 2025 08:00 AM
Panera Bread customers can claim up to $6,500 in data breach settlement

Today's the final chance to get your share of Panera Bread's $2.5 million data breach settlement. Here's how to submit a claim.

Read Article
November 11, 2025 08:00 AM
Panera Bread's $2.5 Million Settlement: What You Need to Know

Panera Bread has reached a $2.5 million settlement following a data breach in March 2024. This breach exposed sensitive information,...

Read Article
November 08, 2025 08:00 AM
Panera settlement: What are the requirements and how to claim the payment of up to $7,350?

Panera Bread has reached a $2.5 million settlement to resolve a lawsuit stemming from a major data breach in March 2024.

Read Article
November 07, 2025 08:56 PM
Panera Bread Class Action Settlement 2025, How to File and Receive Up to $7,350

Panera Bread has agreed to pay $2.5 million to settle a class action lawsuit stemming from a March 2024 data breach that compromised...

Read Article
September 13, 2025 07:00 AM
Three settlements to claim including up to $6,500 to claim before November 11 deadline

AMERICANS can claim three settlement payments worth a combined $6158.90 this month.The settlements target huge companies in the US,...

Read Article
August 29, 2025 07:00 AM
Foodservice Distributor McLane Opens Tech Hub in Austin

The investment supports the company's growing IT and AI strategy and expands its digital capabilities.

Read Article
August 28, 2025 07:00 AM
Srinivas Rautwar elevated to CIO at American Systems

Indian American IT industry veteran to focus “on leveraging emerging technologies like machine learning and AI”

Read Article
faq

Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Panera Bread CyberSecurity History Information

Official Website of Panera Bread

The official website of Panera Bread is https://www.panerabread.com/en-us/company/our-history.html.

Panera Bread’s AI-Generated Cybersecurity Score

According to Rankiteo, Panera Bread’s AI-generated cybersecurity score is 650, reflecting their Weak security posture.

How many security badges does Panera Bread’ have ?

According to Rankiteo, Panera Bread currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Panera Bread have SOC 2 Type 1 certification ?

According to Rankiteo, Panera Bread is not certified under SOC 2 Type 1.

Does Panera Bread have SOC 2 Type 2 certification ?

According to Rankiteo, Panera Bread does not hold a SOC 2 Type 2 certification.

Does Panera Bread comply with GDPR ?

According to Rankiteo, Panera Bread is not listed as GDPR compliant.

Does Panera Bread have PCI DSS certification ?

According to Rankiteo, Panera Bread does not currently maintain PCI DSS compliance.

Does Panera Bread comply with HIPAA ?

According to Rankiteo, Panera Bread is not compliant with HIPAA regulations.

Does Panera Bread have ISO 27001 certification ?

According to Rankiteo,Panera Bread is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Panera Bread

Panera Bread operates primarily in the Restaurants industry.

Number of Employees at Panera Bread

Panera Bread employs approximately 36,288 people worldwide.

Subsidiaries Owned by Panera Bread

Panera Bread presently has no subsidiaries across any sectors.

Panera Bread’s LinkedIn Followers

Panera Bread’s official LinkedIn profile has approximately 186,267 followers.

NAICS Classification of Panera Bread

Panera Bread is classified under the NAICS code 7225, which corresponds to Restaurants and Other Eating Places.

Panera Bread’s Presence on Crunchbase

Yes, Panera Bread has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/panera-bread.

Panera Bread’s Presence on LinkedIn

Yes, Panera Bread maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/panera-bread.

Cybersecurity Incidents Involving Panera Bread

As of November 27, 2025, Rankiteo reports that Panera Bread has experienced 4 cybersecurity incidents.

Number of Peer and Competitor Companies

Panera Bread has an estimated 4,808 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Panera Bread ?

Incident Types: The types of cybersecurity incidents that have occurred include Data Leak, Breach and Ransomware.

How does Panera Bread detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with customer notifications via settlement administrators, communication strategy with public disclosure of breach details, communication strategy with settlement website for claims..

Incident Details

Can you provide details on each incident ?

Incident : Data Leak

measurementExposure impactImpact

Title: Panera Bread Data Leak

Description: Panerabread.com leaked millions of customer records, including names, email and physical addresses, birthdays, and the last four digits of the customer’s credit card number. The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com.

Type: Data Leak

Incident : Data Breach

measurementExposure impactImpact

Title: Panerabread.com Data Breach

Description: Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants suffered a data breach incident. The breach compromised information including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number. The data was left exposed for at least eight months before it was yanked offline.

Type: Data Breach

Incident : Ransomware Attack

measurementExposure impactImpact

Title: Panera, LLC Ransomware Attack

Description: The Washington State Office of the Attorney General reported that Panera, LLC experienced a cybersecurity incident on March 23, 2024, affecting approximately 811 Washington residents. The breach, identified as a ransomware attack, involved unauthorized access to files that included names and Social Security numbers.

Date Detected: 2024-03-23

Type: Ransomware Attack

Incident : Data Breach

measurementExposure impactImpact

Title: Panera Bread Data Breach (2024)

Description: A major data breach at Panera Bread exposed sensitive customer information, including addresses, Social Security numbers, birth dates, and passcodes, affecting approximately 73 million accounts. The compromised data was found on a dark web dataset, leading to consolidated state and federal lawsuits. Two incidents were reported: one on March 30, 2024, and another on July 12, 2024, involving a third-party cloud platform. A class action lawsuit settlement offers compensation to affected customers, with claims due by November 11, 2025.

Date Detected: 2024-03-30

Date Publicly Disclosed: 2024-03-302024-07-12

Type: Data Breach

Attack Vector: Unauthorized access to customer databaseThird-party cloud platform compromise

Vulnerability Exploited: Inadequate cybersecurity measures (alleged)

Motivation: Likely financial (data sold on dark web)

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common types of attacks the company has faced is Breach.

Impact of the Incidents

What was the impact of each incident ?

Incident : Data Leak PAN232315622

Data Compromised: Names, Email and physical addresses, Birthdays, Last four digits of the customer’s credit card number

Incident : Data Breach PAN2122261122

Data Compromised: Names, Email addresses, Physical addresses, Birthdays, Last four digits of credit card numbers

Incident : Ransomware Attack PAN520072525

Data Compromised: Names, Social security numbers

Incident : Data Breach PAN3962339111225

Data Compromised: Addresses, Social security numbers, Birth dates, Passcodes, Customer account details

Systems Affected: Customer databaseThird-party cloud platform

Customer Complaints: Multiple (led to class action lawsuit)

Brand Reputation Impact: Significant (lawsuits, settlement, public disclosure)

Legal Liabilities: Class action lawsuitConsolidated state and federal lawsuitsSettlement payments (up to $6,500 per claimant)

Identity Theft Risk: High (SSNs, birth dates, and passcodes exposed)

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Names, Email And Physical Addresses, Birthdays, Last Four Digits Of The Customer’S Credit Card Number, , Names, Email Addresses, Physical Addresses, Birthdays, Last Four Digits Of Credit Card Numbers, , Names, Social Security Numbers, , Personally Identifiable Information (Pii), Sensitive Authentication Data and .

Which entities were affected by each incident ?

Incident : Data Leak PAN232315622

Entity Name: Panera Bread

Entity Type: Company

Industry: Food and Beverage

Customers Affected: Millions

Incident : Data Breach PAN2122261122

Entity Name: Panera Bread

Entity Type: Company

Industry: Food and Beverage

Location: United States

Incident : Ransomware Attack PAN520072525

Entity Name: Panera, LLC

Entity Type: Company

Industry: Food and Beverage

Location: Washington

Customers Affected: 811

Incident : Data Breach PAN3962339111225

Entity Name: Panera Bread

Entity Type: Bakery-cafe chain

Industry: Food and Beverage / Retail

Location: United States (nationwide)

Size: Large (millions of customers)

Customers Affected: 73,000,000 (estimated)

Response to the Incidents

What measures were taken in response to each incident ?

Incident : Data Breach PAN3962339111225

Communication Strategy: Customer notifications via settlement administratorsPublic disclosure of breach detailsSettlement website for claims

Data Breach Information

What type of data was compromised in each breach ?

Incident : Data Leak PAN232315622

Type of Data Compromised: Names, Email and physical addresses, Birthdays, Last four digits of the customer’s credit card number

Number of Records Exposed: Millions

Personally Identifiable Information: namesemail and physical addressesbirthdayslast four digits of the customer’s credit card number

Incident : Data Breach PAN2122261122

Type of Data Compromised: Names, Email addresses, Physical addresses, Birthdays, Last four digits of credit card numbers

Personally Identifiable Information: namesemail addressesphysical addressesbirthdays

Incident : Ransomware Attack PAN520072525

Type of Data Compromised: Names, Social security numbers

Number of Records Exposed: 811

Sensitivity of Data: High

Incident : Data Breach PAN3962339111225

Type of Data Compromised: Personally identifiable information (pii), Sensitive authentication data

Number of Records Exposed: 73,000,000

Sensitivity of Data: High (SSNs, birth dates, passcodes)

Data Exfiltration: Confirmed (data found on dark web)

Personally Identifiable Information: NamesAddressesSocial Security numbersBirth datesPasscodes

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : Data Breach PAN3962339111225

Legal Actions: Class action lawsuit, State and federal lawsuits (consolidated),

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Class action lawsuit, State and federal lawsuits (consolidated), .

References

Where can I find more information about each incident ?

Incident : Ransomware Attack PAN520072525

Source: Washington State Office of the Attorney General

Date Accessed: 2024-03-23

Incident : Data Breach PAN3962339111225

Source: Panera Bread Data Breach Settlement Website

Incident : Data Breach PAN3962339111225

Source: Class Action Lawsuit Filings (State and Federal)

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Washington State Office of the Attorney GeneralDate Accessed: 2024-03-23, and Source: Panera Bread Data Breach Settlement Website, and Source: Class Action Lawsuit Filings (State and Federal).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : Data Breach PAN3962339111225

Investigation Status: Ongoing (settlement pending Final Fairness Hearing on January 29, 2026)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Customer Notifications Via Settlement Administrators, Public Disclosure Of Breach Details and Settlement Website For Claims.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : Data Breach PAN3962339111225

Stakeholder Advisories: Customers notified via settlement administrators; public deadlines communicated (claims due by November 11, 2025).

Customer Advisories: Eligible customers instructed to file claims by November 11, 2025, for compensation (up to $6,500 for extraordinary losses, $500 for ordinary losses).

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Customers notified via settlement administrators; public deadlines communicated (claims due by November 11, 2025)., Eligible customers instructed to file claims by November 11, 2025, for compensation (up to $6,500 for extraordinary losses and $500 for ordinary losses)..

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : Data Breach PAN3962339111225

High Value Targets: Customer database (PII and authentication data)

Data Sold on Dark Web: Customer database (PII and authentication data)

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : Data Breach PAN3962339111225

Root Causes: Alleged failure to implement adequate cybersecurity measures

Additional Questions

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2024-03-23.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-03-30.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were names, email and physical addresses, birthdays, last four digits of the customer’s credit card number, , names, email addresses, physical addresses, birthdays, last four digits of credit card numbers, , names, Social Security numbers, , Addresses, Social Security numbers, Birth dates, Passcodes, Customer account details and .

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant system affected in an incident was Customer databaseThird-party cloud platform.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were last four digits of credit card numbers, Addresses, Social Security numbers, email addresses, physical addresses, Birth dates, Passcodes, last four digits of the customer’s credit card number, email and physical addresses, birthdays, Customer account details and names.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 73.0M.

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Class action lawsuit, State and federal lawsuits (consolidated), .

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent source of information about an incident are Panera Bread Data Breach Settlement Website, Class Action Lawsuit Filings (State and Federal) and Washington State Office of the Attorney General.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (settlement pending Final Fairness Hearing on January 29, 2026).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Customers notified via settlement administrators; public deadlines communicated (claims due by November 11, 2025)., .

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisory issued were an Eligible customers instructed to file claims by November 11, 2025, for compensation (up to $6,500 for extraordinary losses and $500 for ordinary losses).

cve

Latest Global CVEs (Not Company-Specific)

Description

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
Description

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.

Published
Date
2025-11-26
Updated
Date
2025-11-26
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References

Access Data Using Our API

SubsidiaryImage

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=panera-bread' -H 'apikey: YOUR_API_KEY_HERE'
Try It API Documentation rapidRapid

What Do We Measure ?

revertimgrevertimgrevertimgrevertimg
Incident
revertimgrevertimgrevertimgrevertimg
Finding
revertimgrevertimgrevertimgrevertimg
Grade
revertimgrevertimgrevertimgrevertimg
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Top LeftTop RightBottom LeftBottom Right
Rankiteo
By Rankiteo
View on G2.com
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
View latest reports → View all security reports →
Users Love Us Badge