Panera Bread leaked a bunch of customer data and downplayed the entire thing
The company waited months to announce the issue, only doing so after having its hand forced.
2018 has been the year of data breaches and security issues. And it’s only April.
While we can argue that past years have had as many in number and size, 2018 is the year that the general public is even starting to push back and really acknowledge the issues surrounding the information we give out so freely to companies and websites.
Panera Bread is the latest company to add to the list.
First reported in August 2017 by security professional Dylan Houlihan, Panera not only seemed dismissive of the claim at first, but proceeded to sit on the information for eight months without any clear plan or acknowledgement of the breach that revealed usernames, emails, physical addresses, and the last four digits of customers’ credit cards.
Houlihan, having finally had enough of Panera’s inaction, reached out to security professional Brian Krebs to replicate and announce the security issues. Within two hours of this, Panera Bread took down their website and “fixed” the issues. But, instead, it seems as if the information is still available, but now you must first have a valid Panera Bread account to go through the steps of accessing the unsecured data.
Panera also released a statement,
“Panera takes data security very seriously and this issue is resolved. Following reports today of a potential problem on our website, we suspended the functionality to repair the issue. Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved.”
Another security company, Hold Security, also has issues with this whole incident, claiming that Panera is drastically downplaying the severity of this breach, saying that up to 37 million customers may have been affected, as opposed to the 10,000 customers Panera announced to Fox News.
The real question here is why did this take eight months to address?
Do you use the Panera Bread website? How do you feel knowing that your data has been exposed? Let us know what you’re thinking down in the comments.