Panera leak exposed millions of customers’ private information: report

Panera Bread’s website has reportedly leaked the private information of millions of customers, KrebsOnSecurity reported.

The leak exposed the data of all the customers who made accounts on Panera’s website to order food, including names, emails, physical addresses, birthdays and last four digits of their credit card information, KrebsOnSecurity reported on Tuesday.

The group said it learned about the leak when notified by a Dylan Houlihan, a security researcher, on Monday. Houlihan said he had also notified Panera about the data leak in August.

{mosads}Messages between Houlihan and Panera’s director of information security, Mike Gustavison, show that Gustavison initially dismissed Houlihan’s warning as a scam but later validated his assertions and was working to fix the issue.

However, the website continued to leak customers’ private information, which Houlihan says can be easily crawled and indexed by automated tools.

After KrebsOnSecurity reached out to Panera about the data leak, they temporarily took their website offline and the leaked data seemed to be unreachable.

Panera said, in a written statement issued Tuesday, that it had fixed the issue within two hours after KrebsOnSecurity notified them.

Panera also told Fox Business Network that the data breach only exposed the records of 10,000 customers.

However, some analysts say that the leak could have exposed more than 37 million people’s data and affected Panera’s commercial division, which works with numerous catering companies.