Panera Bread Data Breach Class Action Lawsuits, Two Separate Incidents, $2.5M Settlement Approved Plus New January 2026 Breach Affecting 14 Million
Panera Bread faces multiple data breach class action lawsuits after two separate security incidents exposed customer and employee information. The March 2024 breach resulted in a $2.5 million settlement with a November 11, 2025 claim deadline that already passed, while a January 2026 breach allegedly compromised 14 million customer records leading to three new federal lawsuits currently in early litigation stages.
The March 2024 Data Breach Settlement Is Already Closed
Panera reached a $2.5 million settlement in August 2025 to resolve class action claims stemming from a March 23, 2024 security incident where unauthorized third parties accessed names and Social Security numbers of current and former employees plus a small number of customers, contractors, and other individuals. The settlement received preliminary court approval, and eligible class members had until November 11, 2025 to file claims.
The final fairness hearing took place on January 29, 2026 at 10:30 a.m. CT before the U.S. District Court for the Eastern District of Missouri. Class members who submitted valid claims by the November deadline can receive up to $500 for ordinary out-of-pocket losses like credit monitoring fees or up to $6,500 for extraordinary losses such as identity theft, plus an additional $250 for time spent remedying issues.
California residents in the settlement class also receive a $100 statutory payment. All class members who filed claims before the deadline qualify for two years of free credit monitoring and $1 million in identity theft insurance.
January 2026 Breach Allegedly Exposed 14 Million Customer Records
Three separate class action lawsuits were filed in late January and early February 2026 in the U.S. District Court for the Eastern District of Missouri after Panera allegedly experienced a second major data breach. Plaintiffs Armen Keleshian, Michael Cardin, and Paige Cipriani claim the hacker group ShinyHunters accessed Panera’s network in late January 2026 and acquired files containing personally identifying information of millions of customers.
According to the complaints, the breach compromised unencrypted customer information including usernames, email addresses, home addresses, phone numbers, account details, and dates of birth. The lawsuits allege Panera failed to adequately protect the personal information it collected and maintained, failing to encrypt or redact sensitive data while disregarding known cybersecurity risks.
The three cases are Case No. 4:26-cv-00125 (Cardin v. Panera Brands Inc.), Case No. 4:26-cv-00126 (Cipriani v. Panera Bread Company), and the Keleshian complaint filed around the same time. These lawsuits remain in preliminary stages with no settlement reached or class certification granted as of February 2026.
What Panera Allegedly Did Wrong In Both Breaches
The March 2024 litigation alleged Panera was negligent in protecting private information, violated privacy laws including California’s Consumer Privacy Act, breached an implied contract with employees and customers, and engaged in unjust enrichment by profiting from personal data while failing to implement adequate security. The consolidated lawsuit claimed Panera took six months to notify affected individuals about the March 2024 breach, delaying crucial identity protection steps.
The January 2026 lawsuits make similar allegations focused on Panera’s failure to encrypt sensitive customer data and disregard of known cybersecurity threats. Plaintiff Cipriani specifically claims Panera failed to encrypt or redact sensitive data despite operating in an industry where data breaches and cyberattacks targeting restaurants have become increasingly common.
Both sets of lawsuits assert claims for negligence, unjust enrichment, invasion of privacy, and violations of state consumer protection statutes. Panera has denied wrongdoing in both matters.
Who Was Affected By The Panera Data Breaches
The March 2024 breach primarily affected Panera’s current and former employees, though a small number of customers, contractors, and other individuals also had their information compromised. Only individuals who received an official data breach notice from Panera about the March 23, 2024 incident qualified for the $2.5 million settlement—and those claims had to be submitted by November 11, 2025.

The January 2026 breach allegedly impacted approximately 14 million Panera Bread customers according to court filings. Anyone who created an account with Panera, ordered through the Panera Bread app, or provided personal information to the restaurant chain may have been affected.
If you’re a Panera customer and haven’t received a breach notification about the January 2026 incident, watch your mail and email closely. Companies must notify affected individuals when their personal information is compromised, though delays of weeks or months are common.
The ShinyHunters Hacking Group Behind January 2026 Attack
ShinyHunters is a notorious cybercriminal organization responsible for multiple high-profile data breaches targeting major corporations. The group has previously been linked to breaches at Microsoft, AT&T, and other large companies, often stealing massive databases and either selling the information on dark web marketplaces or leaking it publicly to cause maximum damage.
The group typically targets companies with inadequate cybersecurity protections, exploiting vulnerabilities in network security, authentication systems, or third-party integrations. According to the January 2026 lawsuits, ShinyHunters accessed Panera’s systems and acquired files containing millions of customer records stored without encryption.
ShinyHunters’ involvement suggests the stolen Panera customer data may already be circulating on criminal forums where identity thieves purchase information to commit fraud, open fraudulent accounts, or file false tax returns.
No Settlement Or Claims Process For January 2026 Breach Yet
The three lawsuits filed over the January 2026 breach remain in early litigation. No settlement has been proposed, no class has been certified, and no claims process exists. If you believe you were affected by the January 2026 breach, save all documentation including purchase confirmations, email receipts from Panera, account creation records, and any breach notification letters you receive.
If the January 2026 cases settle or proceed to judgment with class certification, affected consumers will receive official notice with claim instructions and deadlines. Class members are automatically included if certification is granted unless they opt out.
Based on similar data breach settlements, such as those covered in "Under Armour Class Action, Company Failed To Protect Customer Data In 343 GB Breach" and "Conduent Data Breach Update, 14.7 Million Victims In Texas Alone, 10+ Class Actions Filed, Free Credit Monitoring Deadline March 31, 2026", settlements typically provide compensation ranging from pro-rata cash payments to thousands of dollars for documented losses.
Protect Yourself After The Panera Breaches
If you were affected by either Panera breach, take immediate action to protect your identity. Change your Panera account password, and change the password on any other account that uses the same one. Enable two-factor authentication on all important accounts including email, banking, and financial services.
Monitor your credit reports from all three bureaus—Equifax, Experian, and TransUnion—for unauthorized accounts or suspicious activity. You’re entitled to free credit reports at AnnualCreditReport.com, and breach victims often qualify for additional free reports.
Consider placing a fraud alert or credit freeze on your credit files. A fraud alert makes it harder for identity thieves to open new accounts in your name, while a credit freeze blocks access to your credit file entirely until you lift it.
Watch for phishing emails or text messages claiming to be from Panera or offering breach-related services. Legitimate settlement administrators never ask for payment to receive settlement money, and official communications will include case numbers and court information.
What Is The Panera Bread Data Breach Class Action Lawsuit?
Two separate incidents are involved: a March 2024 breach affecting employees and some customers that resulted in a $2.5 million settlement (claim deadline passed), and a January 2026 breach allegedly compromising 14 million customer records currently subject to three pending federal lawsuits.
How Many Panera Bread Customers Were Affected By The Data Breach?
The March 2024 breach primarily affected Panera employees plus a small number of customers and contractors. The January 2026 breach allegedly affected approximately 14 million Panera customers according to court filings.
What Personal Information Was Exposed In The Panera Bread Data Breach?
The March 2024 breach exposed names and Social Security numbers. The January 2026 breach allegedly compromised usernames, email addresses, home addresses, phone numbers, account details, and dates of birth—all stored without encryption according to lawsuits.
Which Consumers Are Eligible For Compensation?
For the March 2024 breach, only consumers who received official Panera notice and filed claims by November 11, 2025 were eligible. For the January 2026 breach, no settlement or eligibility requirements exist yet because litigation is in early stages.
How Do I Check If My Information Was Exposed In The Panera Bread Data Breach?
For the March 2024 breach, you would have received an official notice letter from Panera or Kroll Settlement Administration. For the January 2026 breach, watch for breach notification letters or emails from Panera in coming weeks or months.
How Do I File A Claim In The Panera Bread Data Breach Class Action?
The March 2024 settlement claim deadline passed on November 11, 2025. No claims process exists for the January 2026 breach because no settlement has been reached and class certification hasn’t been granted.
Where Can I Find Official Information About The Lawsuits And Claims Process?
The March 2024 settlement information was available at panerasettlement.com. For the January 2026 lawsuits, court filings are available through PACER or by contacting the plaintiffs’ attorneys listed in the complaints.
Last Updated: February 7, 2026
Disclaimer: This article provides informational content only and does not constitute legal advice. Consult an attorney for guidance on your specific situation.
If you’re a Panera customer who may have been affected by the January 2026 breach, save all purchase documentation and watch for official breach notifications. The litigation is ongoing.
Stay informed, stay protected. — AllAboutLawyer.com
About the Author

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
