Panera warns of online data breach

Anna Jefferson
April 4, 2018

The data breach may also affect customers of other catering companies that fall under Panera's commercial division.

Online security experts allege that Panera Bread, the bakery-café chain based in the US, left millions of its customers' personal data available and searchable on its website for a minimum of eight months, leaving that data open to be stolen and used for identity theft.

Houlihan shared emails with Krebs dated August 9, 2017, in which Panera's director of information security, Mike Gustavison, said the company was "working on a resolution".


According to KrebsOnSecurity, security researcher Dylan Houlihan realized that the information was visible and easily accessible in plain text from Panera's site in August.

Names and the last four digits of credit card numbers were among the information exposed in the breach.

That figure was challenged by independent security reporter Brian Krebs, who put the number initially at 7 million and subsequently revised his estimate to 37 million.


Panera Bread is under fire for reportedly spending months ignoring a website flaw that exposed thousands of customers' personal information. Houlihan says the flaw continued to exist, and he "check[ed] on it every month or so because I was pissed".

"I have also submitted reports like this to companies, in bug bounties and as a courtesy with no expectation of a reward", wrote Houlihan. It has since returned, and the data is no longer reachable.

No payment information or full credit or debit card numbers were stolen, the report said. Instead, they suggested that about 10,000 or fewer records had potentially been affected, and assured the public that the brand was taking the right steps toward cyber security, in a statement to Fox News. "Following reports today of a potential problem on our website, we suspended the functionality to fix the issue".
