Panera leaked customer info for months despite warning

Panera Bread's website leaked customer records for 8 months, report says

Online security experts allege that Panera Bread the bakery-café chain based in the USA had millions of its customers' personal data available as well as searchable on its website for a minimum of eight months, leaving that data open to be stolen and used for identity theft.

Data including "names, email and physical addresses, birthdays and the last four digits of the customer's credit card number" were leaked online according to cybersecurity expert Brian Krebs, who helped publicize the news.

US bakery chain Panera Bread has leaked millions of online consumer records, including birthdays and partial credit card numbers, for at least eight months, a computer security blog says.

The breach was first spotted by Dylan Houlihan, a security researchers who notified Panera Bread about the customer data leak eight months ago.

"Panera takes data security very seriously and this issue is resolved", the company said in a written statement. In early August, Houlihan successfully reached Gustavison through an introduction and Gustavison told him the security team was "working on a resolution".

The food chain's website reportedly left its customers' personal data completely exposed for anyone to scoop up. However, Houlihan said that months passed and no fix.

Internet security writer Brian Krebs says the unprotected files were first reported to Panera on August 2. But, instead, it seems as if the information is still available, but now you must first have a valid Panera Bread account to go through the steps of accessing the unsecured data.

While it is unclear how many customer records were compromised, Krebs said it "may be higher than seven million", and later on Twitter noted that it could be closer to 37 million.

The Register asked Panera Bread for comment but we've not heard back. Panera Bread confirmed the breach on Monday and said the "issue is resolved" without evidence of widespread customer exposure.

Related:

Comments

Latest news

Severe weather possible Tuesday
The cold front will sweep across the southeast Tuesday through Wednesday , arriving in Middle Georgia early Wednesday morning . The Storm Prediction Center has elevated us to the "Moderate" category for severe weather through the end of the day.

Act like Muhammad Ali, Obisia tells Anthony Joshua, Deontay Wilder
There's no other heavyweight in the world about whom a plausible case can be made to beat Anthony Joshua and vice versa.

Nobel laureate Malala ends visit to Pakistan
In 2007, the militants had taken over the area, which Malala affectionately called "My Swat", and imposed a brutal, bloody rule. The visit was kept highly secret and hardly anyone knew until she landed in Islamabad and was driven in security to a hotel.

Teen boy plunges down sewage pipe
Jessica McClure's rescue captured the nation's attention in some of the first round-the-clock television coverage in the U.S. Rescuers fanned out to sites where the sewage system drains and searched chambers where Jesse may have gotten trapped.

Other news