Advertisement
Tech

Report: Panera’s website leaves ‘millions’ of customers’ data exposed

37 million customers could be affected.

Photo of Kris Seavers

Kris Seavers

Panera Bread's website reportedly left millions of customers' data exposed for at least eight months.

A security flaw in Panera Bread’s website has left “millions” of customers’ information vulnerable to “anyone who knew where to look” for at least eight months, according to CNET.

Featured Video

The exposed data includes customer names, email addresses, birthdays, the last four digits of payment cards, phone numbers, and physical addresses, reports cybersecurity writer Brian Krebs. Panera loyalty card numbers, which could potentially be abused by scammers, were also exposed.

“The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com,” Krebs said.

Another security researcher notified Panera of the website vulnerability in August 2017, but the restaurant chain didn’t address the issue until Monday. Panera confirmed the problem, saying it affected only 10,000 of its customers.

Advertisement

“Panera takes data security very seriously and this issue is resolved,” said John Meister, Panera’s chief information officer. “Following reports today of a potential problem on our website, we suspended the functionality to repair the issue. Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved.”

But Krebs writes the company has only “fixed” the vulnerability “by requiring people to log in to a valid user account at panerabread.com in order to view the exposed customer records.” The data breach may also affect customers of other catering companies that fall under Panera’s commercial division.

“At last count, the number of customer records exposed in this breach appears to exceed 37 million,” Krebs said.

H/T CNET

Advertisement
 
The Daily Dot