Panera Bread May Have Leaked Customer Data For MONTHS… Jinkies!
Panera Bread may have leaked at least eight months of online customer orders before the site was taken down today, according to KrebsOnSecurity. The leaked data contains names, birthdays, emails, home addresses and the last four digits of credit card numbers belonging to millions of customers who bought food online through panerabread.com.
What’s worse is that the company was warned about this leakage last August:
KrebsOnSecurity learned about the breach earlier today after being contacted by security researcher Dylan Houlihan, who said he initially notified Panera about customer data leaking from its Web site back on August 2, 2017.
A long message thread that Houlihan shared between himself and Panera indicates that Mike Gustavison, Panera’s director of information security, initially dismissed Houlihan’s report as a likely scam. A week later, however, those messages suggest that the company had validated Houlihan’s findings and was working on a fix.
Fast forward to early this afternoon — exactly eight months to the day after Houlihan first reported the problem — and data shared by Houlihan indicated the site was still leaking customer records in plain text. Worse still, the records could be indexed and crawled by automated tools with very little effort.
Wow. Panera Bread really dropped the ball on this one. Either that or they really didn’t care about the security of user data. The cynic in me is voting for the latter. It’s bad enough when a company gets pwned by hackers. But when you’re as insecure as this, it’s inexcusable. Here’s what’s even more inexcusable. When Brian Krebs, who runs KrebsOnSecurity, reached out to Panera to get their comments on this, they appear to have quickly yanked the website offline to fix the issue. Which implies they could have fixed this months ago when this was raised to them.
#Fail
The take-home message is this: Panera Bread doesn’t take the security of your information seriously. Keep that in mind the next time you want to grab a snack or you want to order lunch for your company.