The data was stolen by the ShinyHunters extortion group, according to the SecurityWeek blog. The group is believed to have compromised a Microsoft Entra single-sign-on code in order to gain access to Panera's systems. Entra is a series of network and identity products built by Microsoft to help with security and employee access.
So all the more reason for countries and organizations to look for alternatives to Microslop's products then!