$2.45M Panda Express Data Breach Settlement, Are You Eligible to Claim? April 10, 2026 Deadline

ByAll About Lawyer Reading Time: 7 minutes

Panda Restaurant Group Inc. — parent company of Panda Express — agreed to pay $2,450,000 to resolve a class action lawsuit over a March 2024 cyberattack that exposed the personal information of approximately 240,295 current and former employees. The settlement received preliminary court approval on January 6, 2026. Eligible class members can claim up to $5,000 for documented losses — or approximately $100 with no proof — before the April 10, 2026 deadline, which is days away.

Quick Facts

FieldDetail
Settlement Amount$2,450,000
Claim DeadlineApril 10, 2026 — act immediately
Who QualifiesU.S. residents who received a Panda Restaurant Group data breach notification letter
Payout Per PersonUp to $5,000 (documented losses) / ~$100 flat cash / up to $125 California statutory payment
Proof RequiredYes for $5,000 option / No for ~$100 flat cash option
Settlement StatusPreliminarily approved — claims open now
AdministratorA.B. Data Ltd. (PRG Breach Settlement)
Official WebsitePRGBreachSettlement.com

Where the Case Stands Right Now

  • The Panda Restaurant Group class action settlement received preliminary approval from the court on January 6, 2026, and covers all United States residents whose personal information was potentially accessed during the data breach, including those who received a written notice from the restaurant management company.
  • The opt-out and objection deadlines passed on March 23, 2026. The final approval hearing is scheduled for April 20, 2026 at 10:30 AM Pacific Time before Judge Theresa M. Traber in Los Angeles.
  • Compensation will begin to be distributed to class members only after final approval has been granted and any appeals have been resolved.

What Is the Panda Express Data Breach Lawsuit About?

Panda Restaurant Group, Inc., operator of Panda Express, Panda Inn, and Hibachi-San, disclosed a data breach affecting 239,815 individuals. Following an investigation, the company determined that an unauthorized party accessed certain corporate systems between March 7 and March 11, 2024.

The plaintiffs claimed negligence, breach of implied contract, unjust enrichment, breach of the implied covenant of good faith and fair dealing, and additional violations arising from the company’s alleged failure to implement reasonable cybersecurity measures before the breach occurred.

Panda reported the incident to the Maine Attorney General’s Office on April 30, 2024, and began mailing data breach notification letters to affected individuals that same day. Panda Restaurant Group denies any wrongdoing and agreed to the settlement solely to avoid the cost and uncertainty of continued litigation.

What Data Was Exposed?

The class action lawsuit concerns a data security incident in which an unauthorized third party may have gained access to Panda Restaurant Group’s files containing sensitive personal information, including full names, dates of birth, and Social Security numbers.

Social Security numbers are among the most sensitive data points that can be exposed in a breach. Unlike a credit card number or password, a Social Security number cannot be changed — and the risk of identity theft it creates can persist for years after the initial incident.

Panda Restaurant Group brands affected include Panda Express, Panda Inn, Hibachi San, Uncle Tetsu, Yakiya, Great Panda, and some Whataburger locations.

Related article: $1.6M Krispy Kreme Data Breach Settlement, Are You Eligible to Claim Before June 22?

$2.45M Panda Express Data Breach Settlement, Are You Eligible to Claim April 10, 2026 Deadline

Who Is Eligible to File a Claim?

You may qualify for this settlement if:

  • You are a U.S. resident whose personal information was accessed or potentially accessed in connection with the Panda Restaurant Group data breach
  • You received a data breach notification letter mailed on behalf of Panda Restaurant Group about the March 2024 incident
  • You are a current or former employee of Panda Restaurant Group or one of its affiliated brands
  • You have your unique ID and PIN from the settlement notice (required to file online; contact the administrator if you lost yours)

The settlement only covers people in the United States who received a notice that their information may have been compromised as a result of the Panda Express breach. You must have received a specific data breach notification letter from Panda to qualify.

This settlement covers employees — not customers. If you dined at Panda Express but did not receive a breach notification letter, you are not part of this settlement class.

How Much Can You Receive?

The settlement offers three separate cash benefits plus free credit monitoring. You can claim one cash option — documented losses or the flat payment — and may also be eligible for the California statutory payment if you are a California resident.

Option A — Documented Losses (up to $5,000): Eligible claimants may receive reimbursement for documented losses up to $5,000 per person, with supporting documentation. Qualifying expenses include unreimbursed fraudulent charges, bank fees from account closures or card replacements, costs paid for credit monitoring services, late fees caused by fraud, and professional fees for recovering from identity theft. All claimed expenses must be traceable to the breach and supported by third-party documentation such as receipts or bank statements.

Option B — Flat Cash Payment (approximately $100): Class members who do not submit documented proof of out-of-pocket losses are eligible to receive approximately $100 in cash. No proof or explanation is required from class members to receive this cash payment. The final amount may increase or decrease depending on the total number of valid claims filed.

Option C — California Statutory Payment (up to $125 additional): Class members who lived in California at the time of the data breach are additionally eligible for a one-time statutory cash payment of up to $125. This payment is in addition to whichever cash option you select and may also be pro-rated based on total claim volume.

Free Credit Monitoring (all class members): Approved class members can receive three years of free credit monitoring from a three-bureau provider. The program covers Experian, TransUnion, and Equifax monitoring, dark web scanning, and public records monitoring to spot misuse of personal data linked to the breach. Identity theft insurance and fraud resolution assistance are also included.

How to File a Claim

Step 1 — Visit the official settlement website at PRGBreachSettlement.com

Step 2 — Locate the unique ID and PIN printed on the breach notification letter you received from Panda Restaurant Group

Step 3 — Select your benefit option — documented losses (up to $5,000), flat cash (~$100), or California statutory payment if applicable

Step 4 — For the documented losses option, upload third-party supporting documentation such as receipts, bank statements, or invoices for credit monitoring services paid after the breach

Step 5 — Submit your completed claim form online before April 10, 2026 at 11:59 PM

Step 6 — Save your confirmation number; the administrator will contact you within 7 days if your claim has any deficiencies, and you will have 20 days to correct them

You can also mail a paper claim form to: PRG Breach Settlement, c/o A.B. Data Ltd., P.O. Box 173073, Milwaukee, WI 53217 (postmarked by April 10, 2026). For help, call 1-866-302-7373 or email [email protected].

Estimated time to complete: 5–10 minutes.

Important Dates and Deadlines

MilestoneDate
Data Breach OccurredMarch 7–11, 2024
Breach Reported to Maine AGApril 30, 2024
Lawsuit Filed2024 (Halliday v. Panda Restaurant Group, Case No. 24STCV12667)
Preliminary Approval GrantedJanuary 6, 2026
Opt-Out DeadlineMarch 23, 2026 (passed)
Objection DeadlineMarch 23, 2026 (passed)
Claim Filing DeadlineApril 10, 2026 — act now
Final Approval HearingApril 20, 2026 at 10:30 AM PT
Expected Payment DateAfter final approval and claims processing — TBD

Frequently Asked Questions

Do I need a lawyer to file a claim? 

No. You do not need an attorney to file a claim in this settlement. The process takes roughly 5–10 minutes online at PRGBreachSettlement.com using the unique ID and PIN from your settlement notice. Hiring a lawyer is only relevant if you want to pursue a separate individual lawsuit — but the opt-out deadline of March 23, 2026 has already passed.

Is this settlement legitimate? 

Yes. The case is Halliday, et al. v. Panda Restaurant Group, Inc., Case No. 24STCV12667, and the official court-authorized settlement website is PRGBreachSettlement.com, maintained by A.B. Data Ltd. under the supervision of lead class counsel. Panda Restaurant Group denies any wrongdoing but agreed to settle to avoid further litigation.

When will I receive my payment? 

In general, settlement payments are sent after the court grants final approval at or after the final approval hearing, any appeals are resolved, and claims are reviewed and processed by the settlement administrator. The notice warns that resolving appeals can take time, perhaps more than a year.

What if I missed the claim deadline?

 The claim deadline is April 10, 2026. If you miss this date, you lose all settlement benefits — cash, credit monitoring, and the California statutory payment. You also remain bound by the settlement’s release of claims against Panda Restaurant Group, which means you cannot file a separate lawsuit over this breach.

Will this settlement payment affect my taxes? 

Payments that reimburse you for documented out-of-pocket losses from a data breach are generally treated as a return of funds rather than taxable income. The flat $100 cash payment may be treated differently. Consult a tax professional for guidance specific to your situation.

I lost my settlement notice. Can I still file?

 Contact the settlement administrator at 1-866-302-7373 or email [email protected] to confirm whether you are part of the class and to request claim information. You will need your unique ID and PIN to submit a claim online, and the administrator can help you retrieve this information.

Does this settlement cover Panda Express customers?

 No. This settlement covers only current and former employees whose data was compromised. You must have received a specific data breach notification letter from Panda to qualify. Customers who dined at Panda Express but did not receive a breach notification are not part of this settlement class.

What happens to unclaimed settlement money?

 Any uncashed payments after 90 days will be donated to the Children’s Hospital of Los Angeles. This type of cy pres distribution is standard practice in class action settlements and ensures unclaimed funds benefit the community rather than returning to the defendant.

Sources and References

Last Updated: April 4, 2026

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Legal claims and outcomes depend on specific facts and applicable law. For advice regarding a particular situation, consult a qualified attorney.

About the Author

Sarah Klein, JD

Sarah Klein, JD, is a licensed attorney and legal content strategist with over 12 years of experience across civil, criminal, family, and regulatory law. At All About Lawyer, she covers a wide range of legal topics — from high-profile lawsuits and courtroom stories to state traffic laws and everyday legal questions — all with a focus on accuracy, clarity, and public understanding.
Her writing blends real legal insight with plain-English explanations, helping readers stay informed and legally aware.
Read more about Sarah

Leave a Reply

Your email address will not be published. Required fields are marked *