Security company reports Panera customer records leaked

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

Monday the security company KrebsOnSecurity reported on its website that Panerabread.com for Panera leaked millions of customers records.  According to the security company, the records contained names, email and physical address, birthdays and the last four digits of customers credit card numbers.

Panera has since pulled its website down to fix the problem.

KrebsOnSecurity says it was contacted by security researcher Dylan Houlihan about the breach after he tried the get the problem fix by Panera as far back as August 2017 in emails between him and Mike Gustavison, Panera’s Director of Information Security.

Panera has issued the following statement:

“Panera takes data security very seriously and this issue is resolved,” the statement reads. “Following reports today of a potential problem on our website, we suspended the functionality to repair the issue.  Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved.”

Panera also told KrebsOnSecuirty that the problem was fixed Monday within 2 hours after being notified of the breach.

Notice: you are using an outdated browser. Microsoft does not recommend using IE as your default browser. Some features on this website, like video and images, might not work properly. For the best experience, please upgrade your browser.