Panda Express 2.45M Settlement Over March 2023 Data Breach Exposing SSNs
Deadline
Deadline: April 10, 2026
Total Settlement Amount
Total amount allocated for all claims
Individual Payout Range
Estimated amount per eligible claim
Proof of Purchase
For the estimated $100 pro rata payment (and the estimated $125 California statutory payment, if applicable), no receipts or loss documentation are required; you must be an eligible class member who received Panda Restaurant Group’s breach notice letter. To request reimbursement for documented losses (up to $5,000), you must submit supporting records (e.g., receipts, bank/credit card statements, fee or fraud notices, postage/phone/transportation documentation) showing unreimbursed expenses tied to the breach.
Settlement Summary
The lawsuit stems from a reported data security incident in or around March 2023 in which an unauthorized party allegedly accessed Panda Restaurant Group files containing sensitive personal information such as names, dates of birth, and Social Security numbers. Because SSNs are difficult to “change” and can be used for new-account fraud and identity theft, breaches involving this type of data tend to trigger class actions seeking compensation for time spent responding, reimbursement for fraud-related costs, and court-ordered improvements to security practices. Plaintiffs filed the case (Halliday, et al. v. Panda Restaurant Group, Inc., Los Angeles County Superior Court) alleging Panda Express’s parent company failed to adequately safeguard consumer data, asserting claims like negligence and breach of implied contract, while Panda denies wrongdoing. The proposed $2.45 million non-reversionary settlement—meaning the money won’t revert to the company—would fund pro rata cash payments (estimated $100), an additional California statutory payment (estimated $125), up to $5,000 for documented losses, and two years of credit monitoring, with claims due April 10, 2026 pending final court approval. Beyond individual payouts, these settlements matter because they effectively set expectations for how quickly companies respond to breaches, what remediation they offer, and how much financial exposure follows when highly sensitive identifiers are involved. This case fits into a broader wave of consumer data-breach class actions targeting retailers, restaurants, and employers after cyber intrusions, often resolving without an admission of fault but with a mix of cash, monitoring, and security commitments. The regulatory backdrop is patchwork: most states require breach notifications, and California residents may have additional rights under the California Consumer Privacy Act and related privacy laws, which is why a separate California statutory payment is contemplated; at the federal level, there’s no single comprehensive consumer privacy statute, but companies still face scrutiny under the FTC’s “reasonable security” expectations and sector-specific rules when applicable. As more businesses centralize customer and employee data and attackers focus on SSNs and birthdates, settlements like this can influence industry norms for encryption, access controls, vendor management, and incident-response planning in the quick-service restaurant space and beyond.
Entities Involved
Eligibility Requirements
- Reside in the United States
- Personal information was accessed or may have been accessed in connection with the March 2023 Panda Restaurant Group data security incident
- Received a data breach notice letter from Panda Restaurant Group about the incident
- Not excluded (i.e., not a Panda Restaurant Group employee/director/officer/agent; not a governmental entity; not the judge or court staff; and did not submit a valid opt-out request by the deadline)
Featured Investigations
Stay Updated
Subscribe to our newsletter for the latest settlement updates and news.
Important Notice About Filing Claims
Submitting false information in a settlement claim is considered perjury and will result in your claim being rejected. Fraudulent claims harm legitimate class members and may result in legal consequences.
If you are unsure about your eligibility for this settlement, please visit the official settlement administrator’s website using the link provided above. Review the eligibility criteria carefully before submitting a claim.
Class Action Champion is an independent information resource and is not affiliated with any settlement administrator, law firm, or court. We provide settlement information as a service to help connect eligible class members with legitimate settlements.