Customer records leaked on Panera ordering website

A Panera Bread restaurant in Miami Beach Florida. The company's website leaked customer data for at least 8 months according to a report from Brian Krebs

A Panera Bread restaurant in Miami Beach Florida. The company's website leaked customer data for at least 8 months according to a report from Brian Krebs

In a blog post from Monday, Krebs noted that the security flaw meant customers' names, emails, addresses, birthdays, and the last four digits of their credit card numbers were not safeguarded for almost the previous year.

News of Panera's data leak follows a security breach that exposed the email addresses, user names, and passwords of 150 million users of MyFitnessPal, a fitness-tracking app owned by Under Armour.

Panera, also known as St. Louis Bread Company, reportedly leaked millions of customers records online according to a security company.

Krebs reports that the data was available in plain text on Panera's website and included records for anyone that signed up for an online account to order food.

Shortly after KrebsOnSecurity spoke briefly with Panera's chief information officer John Meister by phone today, the company briefly took the Web site offline.

Eight months roll by - all the while, Houlihan's checking every month to see if the security hole has been fixed - and nothing happens.

Fortnite is now publicly available on iPhone and iPad
Hillman sent a request to Epic Games asking them to warn players about playing Fortnite mobile in class, seemingly as just a joke. While Fortnite Mobile on iOS is now fully available to all players, it still isn't finished when it comes to development.

To make matters worse, it seems that Panera Bread wasn't too responsive to solve the problem either.

The problem was first identified by security researcher Dylan Houlihan, who supplied Krebs with emails dating back to August 2017 that show Houlihan informing Panera's information security director about the leak.

'Following reports today of a potential problem on our website, we suspended the functionality to fix the issue'.

The company also claims that there is "no evidence of payment card information being accessed or retrieved". However, Panera then gave statements to other media (Reuters, Fox Business) saying that Krebs was wrong, that "fewer than 10,000 consumers" were actually affected, and that they're about "to finalize our investigation".

"At last count, the number of customer records exposed in this breach appears to exceed 37 million", Krebs said.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.