The Franchise Owner's most trusted news source


Apr 20, 2018

Krebs: Panera Bread Leaked Records of over 37 Million People

Although warned eight months ago about customer records being easily accessible, Panera Bread did nothing until just a few days ago, says Brian Krebs of KrebsOnSecurity. Krebs tweeted on Monday that Panera is "trying to massively downplay this breach," which he estimates could affect upwards of 37 million people.

Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number — for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.

The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com. The St. Louis-based company, which has more than 2,100 retail locations in the United States and Canada, allows customers to order food online for pickup in stores or for delivery. — Brian Krebs, KrebsOnSecurity

Alex Holden, founder and chief information security officer at Hold Security, told Nation's Restaurant News on Tuesday that Panera Bread’s initial repair was inadequate.

“I believe that the fix applied last night mitigated the immediate issue with exposure,” he told Nation’s Restaurant News in an email.

“However, looking at my personal setting account on Panera site, I noticed a number of serious vulnerabilities and exposures that are unbecoming to a site like Panera’s and the data it is set to protect.” — Nancy Luna, Nation's Restaurant News


About BMM Staff