Panera website leaked customer data, claims security researcher

Adjust Comment Print

The data breach may also affect customers of other catering companies that fall under Panera's commercial division.

For at least eight months, Panera's website leaked customer records, cyber security blog KrebsOnSecurity reported Monday. Thankfully, there was no payment information, but it would have been very easy for eavesdroppers to harvest the information and use it for identity fraud or spam campaigns.

Houlihan, having finally had enough of Panera's inaction, reached out to security professional Brian Krebs to replicate and announce the security issues.

Krebs said Panera Bread was informed of the breach back in August by security researcher Dylan Houlihan.

The security breach compromised customer records containing names, email addresses, physical addresses, birthdays, and the last four digits of credit card numbers. A year ago the credit agency Equifax, meanwhile, revealed that hackers had stolen some of its customers' personal data, affecting almost 140 million people in total.

EPA Chief Scott Pruitt to Roll Back Obama-Era Auto Emissions Standards
And that, along with other legal actions, could tie up any changes the EPA winds up making for some time. More than a dozen states adhere to California's eco-friendly regulation.

Daniel and Henrik Sedin announce they'll retire from National Hockey League after 18 seasons
The differences were subtle - Henrik more of a playmaker at center, Daniel more of a finisher on the wing. Daniel scored only once in six games, in a 5-0 preliminary-round win against Slovakia.

North Korean leader attends concert by South Korean pop stars
Singer Lee Sun-hee, known for her ballads, and veteran singer Cho Yong-pil are other notable singers in the troupe. The deployment of such powerful weaponry during past drills has frequently drawn an angry response from the North.

"I have also submitted reports like this to companies, in bug bounties and as a courtesy with no expectation of a reward", wrote Houlihan.

KrebsOnSecurity says the company website was briefly taken offline after they spoke with Panera Chief Information Officer John Meister by phone Monday. Krebs says Gustavison initially dismissed Houlihan's report as a scam, but later realized that something was in fact afoot.

USA bakery chain Panera Bread has leaked millions of online consumer records, including birthdays and partial credit card numbers, for at least eight months, a computer security blog says. Within two hours of this, Panera Bread took down their website and "fixed" the issues.

Panera says there's no evidence any vehicle information was accessed or stolen.

"Following reports today of a potential problem on our website, we suspended the functionality to fix the issue", Meister continued.