It was two weeks ago that I first told you about the data breach at Panera Bread.  It was done by the English speaking hacking group ShinyHunters,  who successfully stole personal information including customer names, email addresses, phone numbers home addresses and account details for 14 million customers of Panera Bread.  In the last year ShinyHunters hacked Google, Farmers Insurance, Allianz Life, Workday, Pandora, Cisco, Chanel, Dior, Louis Vuitton, Tiffany and Qantas.  In the case of Panera Bread, the hackers got access to a Panera Bread database through social engineering in which they posed as an IT worker and lured Panera Bread employees into providing access credentials.

Now two lawsuits have been filed seeking class action status in regard to the data breach.   They allege that Panera negligently failed to protect sensitive customer data, which is even worse considering the fact that Panera suffered a similar data breach in March of 2024. Further, the lawsuits allege that Panera still hasn’t notified affected customers about the breach.  As more developments occur, I will report them to you.

TIPS

While personal information of the kind compromised in this data breach does not pose the immediate threat of a compromised Social Security number, it does enable a cybercriminal to create more specifically targeted spear phishing attacks that appear legitimate.

Victims of this data breach should  freeze their credit if they have not already done so.  Actually, freezing your credit is actually something everyone should do.  It is free and easy to do.  In addition, it protects you from someone using your identity to obtain loans or make large purchases even if they have your Social Security number.  If you have not already done so, put a credit freeze on your credit reports at all of the major credit reporting agencies.  Here are links to each of them with instructions about how to get a credit freeze:

Everyone also should monitor their credit reports regularly for indications of identity theft.  The three major credit reporting agencies now provide free weekly access to your credit reports so you can monitor your credit reports easily on your own.  Here is the only link to use to get your free credit reports.https://www.annualcreditreport.com/index.action
Some scammers have websites that appear to offer “free” credit reports, but if you read the fine print, you often may find that you have signed up for unnecessary services.
With data breaches so common, it is also important to limit the amount of personal information you provide any company to no more than what is absolutely necessary. Many companies ask for your Social Security number although they have no real need for that information.  Don’t provide it whenever you can.
Finally, be wary of anyone who calls you purporting to help you in regard to the data breach who  asks for personal information in regard to this data breach as that is a favorite tactic of hackers to lure you into providing additional personal information that can lead to your becoming a victim of identity theft.  Also, as always, never click on a link or download an attachment to an email or text message unless you have absolutely confirmed that it is legitimate and don’t provide personal information in response to an email, text message or phone call unless you have absolutely confirmed that the communication was legitimate.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/