Security company reports Panera customer records leaked

Monday the security company KrebsOnSecurity reported on its website that Panerabread.com for Panera leaked millions of customers records.  According to the security company, the records contained names, email and physical address, birthdays and the last four digits of customers credit card numbers.

Panera has since pulled its website down to fix the problem.

KrebsOnSecurity says it was contacted by security researcher Dylan Houlihan about the breach after he tried the get the problem fix by Panera as far back as August 2017 in emails between him and Mike Gustavison, Panera’s Director of Information Security.

Panera has issued the following statement:

“Panera takes data security very seriously and this issue is resolved,” the statement reads. “Following reports today of a potential problem on our website, we suspended the functionality to repair the issue.  Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved.”

Panera also told KrebsOnSecuirty that the problem was fixed Monday within 2 hours after being notified of the breach.