Panda Express Data Breach Lawsuit Filed After Current, Former Employee Info Exposed in 2024 Cyberattack
Flessas v. Panda Restaurant Group, Inc.
Filed: May 9, 2024 ◆§ 2:24-cv-03867
The company that operates Panda Express, Panda Inn and Hibachi-San restaurants faces a proposed class action lawsuit over a sizeable 2024 data breach.
California
The company that operates Panda Express, Panda Inn and Hibachi-San restaurants faces a proposed class action lawsuit over a sizeable 2024 data breach believed to have impacted current and former employees.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 73-page Panda Express data breach lawsuit against Panda Restaurant Group, Inc. says the parent company began to notify current and former employees around April 29 of this year that it had detected a data security incident on March 10. The data breach suffered by Panda Restaurant Group, which operates the largest Chinese fast food chain nationwide, impacted nearly 240,000 people, the company disclosed.
Panda Restaurant Group stated in its data breach notice letter that although the cyberattack did not impact its in-store systems or guest experience, an investigation determined that certain information “maintained on our corporate systems” was accessed by an unauthorized party between March 7 and March 11, 2024, the complaint relays.
According to the data breach lawsuit, current and former Panda Restaurant Group employees’ names, dates of birth, financial account details and Social Security numbers were involved in the data breach. The case emphasizes that Panda Restaurant Group, by collecting and maintaining employee information in the course of its business, assumed the legal duty to protect and safeguard that data from unauthorized access.
The company failed to state in its data breach notice the root cause of the incident, who was behind it, and the remedial measures taken to ensure another cyberattack does not occur, the suit says, alleging employee data was compromised as a result of negligence and/or carelessness on the part of Panda Restaurant Group.
“To date, these critical facts have not been explained or clarified to Plaintiff and Class Members, who retain a vested interest in ensuring that their [personal information] remains protected,” the filing reads.
The lawsuit avers that the personal information stolen in the Panda Express data breach was subsequently sold on the dark web, as that is “the modus operandi of cybercriminals that commit cyber-attacks of this type.”
The case looks to cover all United States residents whose personally identifiable information was accessed and/or acquired by an unauthorized party as a result of the data breach reported by Panda Restaurant Group in April 2024.
Are you owed unclaimed settlement money? Check out our class action rebates page full of open class action settlements.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.