Roughly 37 million customers of Panera Bread may have had their personal information exposed for some time over a span of eight months, according to Brian Krebs, a fairly well-known security researcher.
The fast casual restaurant chain reportedly left data like names, birthdays, last four digits of credit cards, and email and physical addresses in plain text on its official website. Those affected had signed up for an account to order food through panerabread.com, either pickup or delivery, Krebs wrote Monday on his blog KrebsOnSecurity.
He first learned about the apparent security breach recently, and published his findings Monday, but said that a fellow researcher noticed it in August. That cybersecurity sleuth, Dylan Houlihan, contacted Panera’s director of information security, who allegedly dismissed his concerns at first. Eventually, the Panera executive said they were working to fix the problem. Krebs noticed months later that the customer data was still accessible, something that Houlihan confirmed.
“No, the flaw never disappeared,” Houlihan told Krebs. “I checked on it every month or so because I was pissed.”
Krebs spoke with Panera’s chief information officer, who temporarily shut down the website to fix any vulnerabilities and get rid of sensitive content.
It was revealed Sunday that prominent retail conglomerate Hudson’s Bay Company, which owns and operates Lord & Taylor and Saks Fifth Avenue, likely had millions of payment cards hacked, leaving the information involved susceptible to falling into the hands of criminals.
The frequency of cyber crimes in general appears to be increasing, as hackers seem to be growing in skill out of proportion to organizations’ and people’s investment in cybersecurity capabilities and infrastructure.