
Panera reportedly ignored a breach that exposed thousands of customers' information for 8 months

Panera Bread is under fire for reportedly ignoring a website flaw that exposed thousands of customers' personal information.

  • A security researcher says he reached out to Panera eight months ago about the leak, but that the company did nothing until Monday.
  • "Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved," Panera's CIO said in a statement.

Panera Bread is under fire for reportedly spending months ignoring a website flaw that exposed thousands of customers' personal information.

For at least eight months, Panera's website leaked customer records, the cybersecurity blog KrebsOnSecurity reported Monday. The exposed information reportedly included the names, email and physical addresses, birthdays, and partial credit card numbers of any customer who signed up to order Panera online.

According to KrebsOnSecurity, security researcher Dylan Houlihan realized that the information was visible and easily accessible in plain text from Panera’s site in August. Houlihan reportedly reached out to Panera, but he says the company failed to make any changes.

"The flaw never disappeared," Houlihan told KrebsOnSecurity. "I checked on it every month or so because I was pissed."

When KrebsOnSecurity contacted Panera about the issue, the company briefly took its online ordering website offline on Monday. But the flaw was not immediately fixed when the website went back online, according to a blog post written by Houlihan, as well as the findings of other security experts.

Later in the day on Monday, Panera took the site offline again and has apparently fixed the flaw.

A representative from Panera said the company's investigation indicates "fewer than 10,000 consumers have been potentially affected," a figure that KrebsOnSecurity founder Brian Krebs argued was highly unlikely.

KrebsOnSecurity reports that the issue impacted "millions" of customers, with estimates as high as 37 million, as it seems anyone who signed up to order food online from Panera could have had their information leaked.

"Panera takes data security very seriously and this issue is resolved," John Meister, Panera Bread's CIO, said in a statement to Business Insider.

"Following reports today of a potential problem on our website, we suspended the functionality to repair the issue," Meister continued. "Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved."
