Panda Express $2.45 Million Data Breach Class Action Settlement, Case No. 24STCV12667—Claim Up To $5,000 By April 10, 2026
Case Number: Halliday, et al. v. Panda Restaurant Group, Inc., Case No. 24STCV12667 (Los Angeles County Superior Court)
Panda Restaurant Group Inc., parent company of Panda Express, has agreed to pay $2.45 million to settle a class action lawsuit stemming from a March 2024 cybersecurity incident that exposed the personal information of approximately 240,295 individuals. Affected consumers who received data breach notification letters can claim up to $5,000 for documented losses, an estimated $100 pro-rata cash payment, or an additional $125 California statutory payment. The claim deadline is April 10, 2026, with the final approval hearing scheduled for April 20, 2026.
What Happened in the Panda Express Data Breach
On March 7, 2024, an unauthorized third party gained access to Panda Restaurant Group’s corporate computer systems, according to court filings. The intrusion continued through approximately March 11, 2024, when Panda detected the suspicious activity and began investigating.
By April 15, 2024, Panda’s investigation confirmed that compromised files contained full names, dates of birth, and Social Security numbers—the most sensitive type of personal information that enables identity theft and financial fraud. Panda reported the incident to the Maine Attorney General’s Office on April 30, 2024, and began mailing data breach notification letters to affected individuals that same day.
The breach affected not only Panda Express customers but also current and former employees whose personal information was stored in the company’s corporate systems. According to settlement documents, 81,216 of the 240,295 affected individuals reside in California.
The Class Action Lawsuit Against Panda Restaurant Group
Multiple lawsuits were filed across federal and state courts following the breach disclosure. Eight separate class actions were initially filed in the U.S. District Court for the Central District of California, while a consolidated state court action proceeded in Los Angeles County Superior Court.
The lead plaintiffs—Marc-Anthony Halliday, Victoria Ruggeri, Emily Flessas, Steven Jackson, Elizabeth Jimenez, Stephanie Sarfo, Silas Davis, and Joshua Oluwalowo—alleged that Panda Restaurant Group committed negligence, breach of implied contract, unjust enrichment, breach of the implied covenant of good faith and fair dealing, breach of fiduciary duty, and sought declaratory judgment and injunctive relief.
According to court documents, plaintiffs claim Panda failed to implement reasonable cybersecurity safeguards despite storing highly sensitive personal information including Social Security numbers. The lawsuit alleges Panda was responsible for the security incident and failed to timely notify affected individuals of the breach.
Panda Restaurant Group denies all allegations of wrongdoing and maintains it had meritorious defenses. The company agreed to the settlement solely to avoid the expense, burden, and risk of continued litigation. No court has made any determination that Panda violated any laws or is liable for the alleged claims.
Settlement Compensation: Three Payment Options
The $2.45 million settlement fund provides eligible class members with multiple compensation choices. After deducting settlement administration costs (estimated at $225,381), attorneys’ fees (up to one-third of the fund or $816,666.67), litigation expenses (up to $30,000), and service awards (up to $3,000 per class representative), the remaining funds will be distributed to approved claimants.
Documented Loss Payment – Up To $5,000
Class members who suffered actual financial losses traceable to the March 2024 data breach can claim reimbursement up to $5,000 per person. Eligible expenses include unreimbursed fraudulent charges, bank fees from account closures or card replacements, costs for credit monitoring services or credit freezes, late fees caused by fraud or delayed transactions, professional fees for legal or accounting services to resolve identity theft, and documented travel expenses or long-distance phone charges related to addressing the breach.
You must provide third-party documentation such as receipts, bank statements, credit reports, or invoices. Self-prepared documents like handwritten receipts alone are insufficient but can supplement other documentation. Losses must have occurred on or after March 7, 2024, and cannot have been reimbursed by another source.
Pro-Rata Cash Payment – Estimated $100
Class members who don’t file documented loss claims can receive an alternative flat cash payment estimated at $100. No receipts or documentation are required for this option. The final amount will be adjusted up or down based on how many total claims are filed and how much money remains in the settlement fund after paying documented losses, credit monitoring costs, and administrative expenses.
California Statutory Cash Payment – Estimated $125
Class members who resided in California on March 7, 2024, can claim an additional payment estimated at $125. This statutory award recognizes claims under the California Consumer Privacy Act (CCPA). Similar to the pro-rata payment, the actual amount may increase or decrease depending on the total number of claims submitted.
Free Credit Monitoring Services
In addition to cash compensation, all settlement class members can elect two years of three-bureau credit monitoring services through CyEx. These services include real-time credit file monitoring at Experian, Equifax, and TransUnion; dark web scanning with immediate notifications of potential unauthorized use; comprehensive public records monitoring; identity theft insurance with no deductible; and access to fraud resolution agents who help investigate and resolve identity theft instances.
Class members who already maintain credit monitoring can defer enrollment for up to 12 months at no additional charge. Understanding how Nelnet data breach class action lawsuit $10M settlement payments work helps contextualize the Panda Express settlement structure.
Who Qualifies for the Settlement
You’re eligible if you received a data breach notification letter from Panda Restaurant Group stating your personal information was potentially compromised in the March 2024 security incident. The settlement class covers all U.S. residents whose private information was included in files accessed during the cyberattack.
Excluded from the settlement are Panda Restaurant Group employees, directors, officers, and agents; government entities; Judge Theresa M. Traber, her immediate family, and court staff; and anyone who submits a valid exclusion request by March 23, 2026.
How To File Your Claim Before April 10, 2026
Submit your claim online at www.prgbreachsettlement.com or call 1-866-302-7373 for assistance. You’ll need your Unique Identifier from the postcard or email notice you received about the settlement.
To file by mail, download the claim form from the settlement website and send it to PRG Breach Settlement, c/o Settlement Administrator, P.O. Box 173073, Milwaukee, WI 53217. Mailed claims must be postmarked by April 10, 2026.
When filing, you’ll select which payment option(s) you want. You can choose both a cash payment and credit monitoring services. For documented losses, attach copies of receipts, bank statements, credit reports, or other third-party documentation proving your expenses. Redact any information not relevant to your claim before submitting.
The settlement administrator will review all claims within 7 days and notify you of any deficiencies. You’ll have 20 days to cure deficient claims by providing additional information or documentation. Similar AT&T class action lawsuit sending $7,500 settlement checks demonstrate how data breach settlements compensate affected consumers.
Important Settlement Deadlines
March 23, 2026: Opt-out deadline if you want to exclude yourself from the settlement and preserve your right to sue Panda Restaurant Group separately.
March 23, 2026: Objection deadline if you disagree with settlement terms but want to remain in the class.
April 10, 2026: Claim form deadline—submit online by 11:59 PM or postmark paper claims by this date.
April 20, 2026: Final approval hearing where Judge Theresa M. Traber will decide whether to approve the settlement.
What To Do If You Were Affected
Monitor your credit reports for suspicious activity by visiting AnnualCreditReport.com. Place fraud alerts with the three major credit bureaus—Equifax, Experian, and TransUnion. Consider freezing your credit to prevent new accounts from being opened in your name.
Watch for phishing emails or phone calls from scammers claiming to be Panda Restaurant Group or the settlement administrator. Only contact the official settlement administrator at 1-866-302-7373 or [email protected]. Review bank and credit card statements carefully for unauthorized transactions.
Keep your data breach notification letter as proof you’re part of the settlement class. Document any identity theft incidents or fraud attempts that occur after March 7, 2024. Understanding WebTPA data breach settlement approved $13.75 million helps contextualize similar healthcare data breach compensation.
Last Updated: February 7, 2026
Disclaimer: This article provides general information about the Panda Express data breach class action settlement and is not legal advice. For specific guidance about your eligibility or claim, consult a qualified attorney.
Stay informed, stay protected. — AllAboutLawyer.com
About the Author
Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah