Class action lawsuit against Panera alleges data breach at restaurant affects tens of thousands

Overview of the Panera data breach class action lawsuit:

• WHO: A former Panera Bread employee is suing the bakery chain.
• Why: The plaintiff alleges that a data theft at Panera exposed the personal information of tens of thousands of people.
• Where: The Panera data breach class action lawsuit was filed in federal court in Missouri.

A former Panera Bread employee is suing the bakery chain, claiming her personal information – including her Social Security number – was exposed in a cyberattack on the company.

Plaintiff Gracelyn Donovan filed a class action lawsuit against Panera LLC in federal court in Missouri on June 21, accusing the company of negligence.

Donovan says Panera stored confidential information about current and former employees that was stolen in a cyberattack on its systems in March. She believes the information, including passport numbers, driver’s license numbers and bank account numbers, is now in the hands of cybercriminals and is being marketed and sold.

She estimates that tens of thousands of people are affected by the breach.

Lawsuit: Panera handled employee data “recklessly”

Panera could have prevented the March 23 data theft by securing and encrypting its servers, Donovan says.

Instead, she claims Panera violated her rights and the rights of others by “willfully, recklessly or negligently” failing to take reasonable steps to ensure her personal information was protected.

As a result, information stored on Panera’s servers was compromised and made available to “an undoubtedly nefarious third party who seeks to profit from this disclosure by defrauding the plaintiff and class members in the future,” she says.

Lawsuit: Panera informs victims too late

Not only did Panera fail to protect the data, but it also failed to inform potential victims of the cyberattack that their data had been exposed, Donovan claims.

“It was only after the defendant allegedly discovered the data breach months later that he began sending the notification to the individuals whose (information) he confirmed was potentially at risk from the data breach,” she claims.

This prevented the victims of the data leak from taking additional steps to protect their private data and bank accounts from cybercriminals, the lawsuit continues.

Donovan wants to be able to represent anyone in the United States whose personal or private information was made available to unauthorized third parties as a result of the March 23 data breach.

It is seeking class action certification, damages, fees, costs and a jury trial, as well as an injunction forcing Panera to improve its privacy practices.

Meanwhile, last month Panera has announced that it will stop serves his drink Charged Lemonade, which is the subject of two wrongful death lawsuits, Law360 Reports. Panera declined to say whether the changes are related to the two lawsuits.

Were you affected by the Panera data breach? Let us know in the comments!

The plaintiff is represented by Maureen M. Brady of McShane & Brady LLC and Kevin Laukaitis of Laukaitis Law LLC.

The Class action lawsuit over data breach at Panera Is Gracelyn Donovan v. Panera LLC, Case No. 4:24-cv-00864 in the U.S. District Court for the Eastern District of Missouri.

Read more about class action lawsuits and class action settlements: