Panera Bread apparently left millions of customer records exposed online

Panera Bread apparently left millions of customer records exposed online

You can add Panera Bread to the list of companies that have left customer data exposed. Thanks to security researcher Dylan Houlihan, KrebsOnSecurity discovered that Panera Bread apparently left millions of customer sign-up records (around 37 million) in plain text on its website. These records include email addresses, phone numbers, loyalty account numbers and home addresses. Thankfully, there was no payment information, but it would have been very easy for eavesdroppers to harvest the information and use it for identity fraud or spam campaigns.

To make matters worse, it seems that Panera Bread wasn’t too responsive to solve the problem either. Houlihan notified the company about the problem back in August 2017 and got a response from the team that they are “working on a resolution,” but apparently didn’t take down the information until KrebsOnSecurity got involved, twice.

In a statement, Panera Bread said they’re still investigating the vulnerability but their investigation so far shows that there was “no evidence” of either payment info or anyone accessing a “large number” of accounts. This is a huge problem because it goes to show again that companies have failed to encrypt the data or abide by basic security policies.

Hamza Khalid

Hamza Khalid is the Lead Editor at The Jolt Journal. You're more than welcome to follow him on Twitter and follow The Jolt Journal on Twitter and Facebook. If you have any questions, concerns, or need to report something in this article, please send our team an email at [email protected]. This story may be updated at any time if new information surfaces.

At The Jolt Journal, no one tells us what to write or how to write it. This is why, in the era of lies and bias, readers turn to an independent source. Rest assured, all information on our website is free of any bias or influence. If you see anything wrong with a story, please don't hesitate to reach out. We do our very best to report on the latest available information.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.