Security expert Brian Krebs said on his blog that personal details such as names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number have been accessed by criminals since August 2017. The company has more than 2,100 retail locations in the United States and Canada and it allows customers to order food online for pickup in stores or for delivery. Thus, customers who have signed up for an account to order food online via panerabread.com may have had their account attacked.
After this story was published, Panera gave a statement to Fox News stating that only 10,000 customer records were exposed. However, it is not clear how many Panera customer records may have been exposed by the company’s leaky website, but incremental customer numbers indexed by the site suggest that number may be higher than seven million, the security expert continues. Also, it is unclear whether Panera customer account passwords have been impacted.
In addition, the vulnerabilities also appear to have extended to the restaurant’s commercial division which serves countless catering companies. At last count, the number of customer records exposed in this breach appears to exceed 37 million, Brian Krebs concluded.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now