Panera Bread suffered a data breach with third-party reporting suggesting approximately 5.1 million customers affected — a figure unconfirmed by Panera — and multiple class-action lawsuits are active as of early 2026 alleging inadequate data protection controls. No CVE, confirmed attack vector, or authoritative Panera disclosure is available; all sourcing is trade press and litigation aggregators. Organizations operating loyalty programs or customer PII repositories should treat this as a sector signal to audit cloud storage access controls, enforce least-privilege IAM policies, and review PII data retention practices against NIST SP 800-53 SI-12.