Panera Bread says it fixed website security flaw exposing customer records

- A data breach exposed Panera Bread customer records, FOX Business reports, and the company said it has fixed the security flaw on its website.

The chain left the information of up to 37 million customers who signed up for delivery and other services including, “names, email, physical addresses, birthdays, and the last four digits of the customer’s credit card number,” in plain text format accessible via its website, per a report on Monday from KrebsOnSecurity.

Brian Krebs, a security writer, wrote that researcher Dylan Houlihan identified and notified the fast-casual bakery about the vulnerability as long as August 2, 2017, but Krebs added it wasn’t until Monday that they took any action on what was initially believed to be 7 million exposed records. 

FOX Business said Panera Bread denied the data breach exposed a “large number of records,” despite the report. 

“Panera takes data security very seriously, and this issue is resolved,” Panera Bread Chief Information Officer John Meister said in a statement to FOX Business. “Following reports today of a potential problem on our website, we suspended the functionality to repair the issue.  Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved.” 

Meister added: “Our investigation to date indicates that fewer than 10,000 consumers have been potentially affected by this issue, and we are working diligently to finalize our investigation and take the appropriate next steps.”

Read more at FOX Business.

Up Next:

Up Next