Panera Bread is feeling the heat after a major security flub.
A cyber security blog says Panera Bread's website reportedly leaked customer records for at least eight months. Krebs On Security said the data leak includes names, email and physical addresses, birthdays and the last four digits of credit card numbers of "millions" of customers who ordered food online on the company's website.
Researcher Dylan Houlihan identified and notified the fast-casual chain about the vulnerability as long ago as August, but the company did nothing about it until Monday.
Panera Bread apparently told Reuters that the issue has been resolved. In a statement, an official with Panera Bread said the, "investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved.”
While Panera downplays the issue, Krebs says the “fix” is exposing catering clients and others, to the tune of possibly 37 million.