Order Panera online? Credit card, SS numbers exposed, report says
Panera Bread's website leaked the information of customers who used its website to place orders for the past eight months, according to an internet security website.
KrebsOnSecurity.com reported that the website had leaked names, addresses and the last four digits of credit card numbers until yesterday. The site was taken down early Monday, according to the report.
According to the report, the chain was notified about the breach by security researcher Dylan Houlihan in August but his concern was initially dismissed. A company investigation confirmed the breach to Houlihan and told him the IT team was working on a fix.
Houlihan said he checked the site monthly and found the leak had not been fixed as late as Monday. KrebsOnSecurity said it contacted Panera on Monday and the website was taken down.
The site was back up as of 11:15 a.m. on Tuesday and was accepting orders. There was no mention of the breach on the website or social media platforms. The app was also accepting orders.
In a statement to Reuters, Panera Bread Chief Information Officer John Meister said that there was no evidence of payment card information being accessed. Meister said less than 10,000 customers were affected.
Panera has not yet returned a message from New Jersey 101.5.
Panera has 73 locations in New Jersey and 2,100 locations nationwide.
Hudson Bay Company, the parent company of Saks Fifth Avenue and Lord & Taylor, announced Sunday that its store payment systems were breached after 125,000 hacked records were put up for sale on the dark web. Around 5 million credit and debit cards may have been affected.
The company said it was investigating and taking steps to contain the attack.