Panda Express owner says it was hit by cyberattack that attacked corporate systems

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

Panda Restaurant Group suffered a cyberattack recently, in which hackers stole sensitive information belonging to company associates.

In a breach notification letter, picked up by BleepingComputer, the company’s VP of Information Systems, Bryan Lim, explained that an unidentified and unauthorized actor infiltrated its systems on March 7, and remained there until March 11, before being thrown out. The attack was spotted a day before, on March 10.

Panda Restaurant Group is the parent company of Panda Inn, Panda Express and Hibachi-San. 

Where did the data go?

During their time in the company network, the attackers stole sensitive data belonging to its associates. The exact number of affected people is not known. Panda knows that the incident did not impact its in-store systems, operations, or guest experience, and that there was no guest and customer information among the stolen data.

While the breach notification letter does not say exactly what information the hackers obtained, BleepingComputer picked up a filing with the Office of the Maine Attorney General, in which it was said that people’s names or other personal identifiers were stolen, together with driver’s license numbers, or non-driver identification card numbers.

To assess the damage, Panda brought in third-party forensic experts, and notified the police. It is also offering free identity theft protection and credit monitoring services to affected individuals, through CyEx Identity Defense Total. The company is also currently notifying everyone involved. 

"We continue to work with law enforcement who are conducting an active investigation into the unauthorized actor responsible for this incident," the company added. "Panda also implemented additional technical safeguards to further enhance the security of information in our possession and to help prevent similar events from happening in the future."

The motive of the attack is unknown, but stealing data usually leads to two things: either the hackers sell it on the black market to another group, which uses the information for phishing and social engineering, or they try to extort money from the victim company in exchange for keeping the information private.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.