
Panera Bread Ignored Data Breach Warning, Said it was a “Scam”

Written by adezero

Panera Bread has suffered a major data breach, potentially affecting 7 million customers. The data is said to include names, email addresses, and credit card information. What’s worse, the data could have been crawled and indexed with simple automated tools.

This wasn’t news to those at the top at Panera Bread. Last summer, a security researcher told Panera Bread that its website was exposing this sensitive data. When Panera was made aware of the flaw, it dismissed the report as a scam or sales pitch. After the flaw remained exposed and unpatched for months, the security researcher decided to go public with evidence of the vulnerability.

“I am not exaggerating when I say you have a massive sensitive data exposure issue,” he said, “and I’d simply like you to be made aware of it so you can quickly resolve it.” - Researcher Dylan Houlihan (in response to Panera Bread maintaining that he was giving a sales pitch).

Panera Bread is now downplaying the severity of the breach, telling Fox News they have secured the breach and only ten thousand records were exposed. Krebs on Security is not buying it, especially considering Panera’s commercial division, which serves countless catering companies and which may run on the same software.

As of this writing, Panera has not made any statement on their website (it was recently taken down) nor on Twitter about the breach.

Photo Credit: Mike Mozart
