Panera Bread's website allegedly leaked customer records for at least eight months.
KrebsOnSecurity reported that names, email, birthdays, last four digits of credit card numbers and physical addresses were a part of the data leak of millions of customers who ordered food online on the company's website.
The restaurant chain was allegedly aware of the security breach since August 2017, but dismissed it believing that it was just a scam. However, a week later the company said that they were "resolving the issue."
On April 2, data shared indicated that Panera's website was still leaking customer records and could be easily indexed and crawled by automated tools.
Panera briefly took its website offline to address the breach. The website is currently back online.
It is unclear on how many people the data breach affected.
Panera released the following statement after being notified of the breach:
“Panera takes data security very seriously and this issue is resolved. Following reports today of a potential problem on our website, we suspended the functionality to repair the issue. Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved.”
To read the full original blog post, please click here.
