Markets

Order Panera online? Credit card, SS numbers exposed, report says

Order Panera online? Credit card, SS numbers exposed, report says

Panera Bread issued a statement to Fox News this week saying it resolved a data breach that exposed the personal information of "thousands" of customer records.

The information included names, email and physical addresses, birthdays and the last four digits of the credit card number of the customers who ordered for delivery of food on the company's website. Past year the credit agency Equifax, meanwhile, revealed that hackers had stolen some of its customers' personal data, affecting almost 140 million people in total.

Krebs immediately took to Twitter to challenge Panera's claim and reveal that the chain's effort to fix the problem still left millions of customers on their catering registry exposed.

In statements to Fox Business after Krebs published his piece, however, Panera's chief information officer John Meister said the leaks affected "fewer than 10,000 consumers".

The report said that a security researcher, Dylan Houlihan identified and alerted Panera about the leak as long ago as August 2nd, 2017.

Olly Murs wants to go to Prince Harry's wedding with his mother
Craddock, who started her floristry business in 2009, prefers to "use seasonal flowers and greenery", according to her website . He also divulged unflattering details of the end of the royal bride's first marriage to Hollywood producer Trevor Engelson .


As each month passes, Houlihan investigates whether the Panera Bread security vulnerability still exists - and, sadly, it does.

"No, the flaw never disappeared", Houlian told Krebs.

Most commonly you'll hear these words just after a company has suffered an embarrassing data breach, perhaps having carelessly exposed the personal information of innocent customers onto the net or had a database stolen by hackers. KrebsOnSecurity said the incremenatal customer numbers indexed by the site suggest that the number may be higher than 7 million, and it's also uncertain whether Panera customer account passwords may have been impacted.

A representative from Panera did not respond immediately to a request for comment from MONEY.

Houlihan, having finally had enough of Panera's inaction, reached out to security professional Brian Krebs to replicate and announce the security issues.


loading...