Panera Bread's digital outage reportedly blamed on ransomware attack

Cybersecurity site said the company's virtual machines were encrypted by cyber attackers, resulting in the three-day outage. The report cites unnamed sources and internal emails.
Panera Bread
During the outage, Panera Bread's kiosks said they were down for maintenance. | Photo by Lisa Jennings.

Panera Bread’s mysterious digital channel outage in March was the result of a ransomware attack.

That’s according to cybersecurity site, which on Friday reported that a ransomware attack at Panera encrypted many of the company’s virtual machines, preventing access to data and applications.

BleepingComputer cites people familiar with the matter and internal emails but does not specify the evidence.

Panera officials, meanwhile, have not responded to multiple requests about the outage since it was first reported on March 22—and that silence has continued to fuel speculation that the incident was the result of a cyberattack.

The fast-casual chain’s website and app were down or hampered from Saturday, March 23 through Tuesday, March 26, along with in-store kiosks, though guests could still order at the registers.

Cashiers, however, couldn’t access the loyalty program and anyone who said they were an Unlimited Sip Club member was offered a free drink because team members could not access accounts. Catering and gift card sales were also impacted. Employees reportedly couldn’t access schedules.

By the following Tuesday, the digital systems were restored. Loyalty members were sent an email offering a procedure for earning rewards points missed while the digital channels were down.

For Panera, it was particularly bad timing. The chain was preparing for a menu overhaul the following week and parent company Panera Brands has been setting the stage for a potential initial public offering.

Still, it wouldn’t be the first time Panera has experienced a data breach.

In 2018, the chain’s website reportedly leaked customer data, including names, emails, addresses, birthdates and the last four digits of credit card numbers, for at least eight months before it was yanked offline, according to the site

Such attacks are a growing problem for restaurant companies that rely increasingly on technology and digital data.

Sean Deuby, a technology security analyst with Semperis, said such attacks/disruptions often lead to tens of millions of dollars spent recovering.

“Modern businesses that employ just-in-time supply chains are especially vulnerable to a disruption in that chain because there’s little to no inventory to act as a buffer against the disruption,” he said.

“In addition to restoring operations, a major concern for Panera Bread and other companies that face ransomware attacks is protecting customer and employee data,” Deuby added. “They must be examining to what extent the hackers have breached their systems.”

Companies can improve their resiliency to such attacks by knowing what their critical systems are, including infrastructure such as Active Directory, which should be monitored for unauthorized changes, he said.

They can also make their organizations difficult to compromise, since hackers tend to look for softer targets.


Members help make our journalism possible. Become a Restaurant Business member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.


Exclusive Content

Emerging Brands

5 pre-emerging restaurant brands ready for takeoff

These small concepts are still proving out their ideas, but each shows promise as a potential candidate for the next generation of emerging chains.


This little-known iPhone feature could change restaurant ordering

Tech Check: Almost every customer has a POS in their pocket. Can mini mobile apps get them to actually use it?


Red Lobster gives private equity another black eye

The Bottom Line: The role a giant sale-leaseback had in the bankruptcy filing of the seafood chain has drawn more criticism of the investment firms' financial engineering. The criticism is well-earned.


More from our partners