Panera Bread's website involved in a data leak

05 April, 2018, 01:47 | Author: Harriet Bell

The website for restaurant chain Panera Bread has made the personal information from customers' online accounts available for takeout since August of the previous year, according to security researcher Dylan Houlihan. The leaked data appears to belong to any Panera customer who signed up for an account to order food online at the website.

Panera Bread's website reportedly allowed anyone to access customers' personal information, including names, addresses, and partial credit card numbers.

Houlihan said that Panera was originally notified back in August 2017. Panera Bread, however, has downplayed the severity of the data leak, telling Fox News "only 10,000 customer records were exposed".

As of April 2, the leak hadn't been addressed despite Panera's director of information security, Mike Gustavison, relaying in August that they were working to resolve the issue.

Panera Bread said the security issue was resolved this week and that it would have only impacted 10,000 customers or fewer.

You can add Panera Bread to the list of companies that have left customer data exposed.

"Panera Bread sat on the vulnerability and, as far as I can tell, did nothing about it for eight months", Houlihan wrote in a blog post about the breach.

No payment information or full credit or debit card numbers were stolen, the report said.

KrebsOnSecurity spoke with Panera's chief information officer John Meister yesterday and the company briefly took the website offline. Krebs then learned that the security vulnerabilities may have affected Panera's commercial division and raised the number of potentially compromised consumers to approximately 37 million.

The company said in a statement that following the reports, it made a decision to "shut down its website in order to fix any problem that may exist".

According to Houlihan, the flaw "let anyone search by a variety of customer attributes, including phone number, email address, physical address, or loyalty account number". Hilariously, Gustavison worked at Equifax from 2009 to 2013 as a Director of Information Security.


