Published: Thu, April 05, 2018
Science | By Dan Gutierrez

Panera Bread's website leaked customer records

Information including names, emails, physical addresses, birthdays and the last four digits of a customer's credit card number could be obtained by anyone browsing through the site.

FOX Business said Panera Bread denied the data breach exposed a "large number of records", despite the report.

Houlihan claims he repeatedly warned the company about the breach back in August 2017 but the vendor did nothing.

In a statement to Reuters, Panera Bread said it had resolved the issue and the leaked data impacted fewer than 10,000 people.

KrebsOnSecurity said it contacted Panera on Monday and the website was taken down.

Messages between Houlihan and Panera's director of information security, Mike Gustavison, show that Gustavison initially dismissed Houlihan's warning as a scam but later validated his assertions and was working to fix the issue. It also says Panera left the breach exposed for at least 8 months.

But security reporter Brian Krebs and the security researcher who notified Panera of the breach a year ago disputed that account.

Millions of Panera Bread customers may have had their personal data exposed by the fast-casual restaurant chain, according to security experts.

Panera said there was no evidence of payment card information being leaked and that "our investigation to date indicates that fewer than 10,000 consumers have been potentially affected by this issue".

The exchange came about a month after JAB Holding Co. completed its $7.5 billion purchase of Panera Bread Co.

Security researcher Dylan Houlihan wrote on Medium that he first reported the leak to Panera Bread in August. He stressed that the vulnerability never disappeared as he was checking it every month. Within two hours of this, Panera Bread took down their website and "fixed" the issues. The information was obtained due to a security flaw in Panera's online ordering and pick-up services, available in 2,100 locations across the US and Canada.

Krebs started digging around some more and learned that (1) Gustavison was formerly senior director of security operations at Equifax ...
