Panera faces potential class-action lawsuit over data breach involving employee information

Panera LLC is facing a proposed class-action lawsuit from former and current employees due to a data breach that exposed employee information during the first quarter of 2024, according to a June 24 complaint filed in the U.S. District Court for the Western District of Missouri.

A former employee filed the complaint, Hollis v. Panera, LLC, claiming that Panera failed to “properly secure and safeguard […] personally identifiable information,” such as employees’ Social Security numbers.

In March, Panera had a systemwide tech outage, which was speculated to be the result of a cybersecurity attack. In mid-June, the company informed staff that personal employee data had been leaked.

The class-action complaint claims the company failed to maintain security safeguards or protocols, such as encrypting or redacting sensitive information, and failed to adequately train its employees on cybersecurity. The lawsuit also highlights the nearly three-month time lag before notifying employees.

Panera has offered a year of credit monitoring to help employees watch their accounts and look out for identity theft, according to the documents.

The former employee has asked the court to approve the request for a class-action lawsuit, award damages and require Panera to implement a security program that protects data through encryption and trains employees.

As cybersecurity threats increase, HR leaders may need to take on more responsibility to protect sensitive employee information, security leaders have told HR Dive in the past. HR teams can work with the teams that traditionally handle cybersecurity — such as legal, information technology and information security — to develop cybersecurity strategy, implement training and communicate updates to employees.