Report Suggests A Cyberattack Was Behind Panera's Digital Outage
Imagine you've walked into your go-to local coffee shop, whipped out your card to pay, and heard the apologetic words of the weary barista: "Sorry, our card reader is down. Can you pay in cash?" It's inconvenient when a business's technology fails during a Saturday rush. It makes headlines when it happens for days across a major fast-casual chain.
The chain known for its warming soups and nutrition-focused sandwiches is making headlines for an arena foodies can feel a lot less good about. Panera's entire virtual presence was disabled in an IT outage. Company access to POS systems, in-store ordering kiosks, the Panera website, mobile app, and employee scheduling portal were all barred from March 23 to March 26. MyRewards members could also not redeem their points, and Unlimited Sip Club members could not redeem their free drinks. (The company has since sent an email to members with instructions on how those lost points can be redeemed.)
Panera has since restored most of the systems, but now, customers are left wondering how this outage happened in the first place — and it might have been the result of a ransomware attack. Citing emails and unnamed sources aware of the issue, tech security outlet BleepingComputer reported that the malware encrypted Panera's virtual machines, resulting in the outage. It remains unclear (or unannounced) if any data was stolen or which organization was behind the attack. Except for a "We're working on it" X post (via Silicone Valley Daily), Panera has remained relatively silent throughout these rumors.
An uneasy time for fans and employees
This lack of transparency has reportedly extended not just to the public, but to Panera's employees, who have expressed concern over whether their data was compromised in the cyberattack, per BleepingComputer. This isn't the first time that Panera has breached the cybersecurity of its fans. In 2018, the Panera website leaked the names, emails, home addresses, birthdays, and last four credit card digits of millions of customers (anyone who had ordered food online) for a full eight months before the records were taken down.
Other restaurants have had issues as well. Last year, KFC, Taco Bell, and Pizza Hut were victims of a ransomware attack that led to the closure of 300 restaurants. This increase in digital security breaches is a particularly unsettling trend considering how rapid the shift toward online ordering has become in the contemporary American market.
It's also lousy timing for the chain's latest business move. In late February, Panera launched the biggest menu reimagination in company history, rolling out 20 updated items that hit the nationwide market on April 4. Still, the chain's most widespread publicity recently hasn't been about the menu revamp. It's about at least three separate lawsuits surrounding its controversial Charged Lemonade, a caffeine-loaded beverage that allegedly caused bodily harm to multiple customers with health conditions — and that's still not to mention its slowly deteriorating rewards program. This latest ransomware security scandal certainly doesn't seem to be helping Panera reclaim customer faith.