Looks Like Panera Bread May Have Leaked Millions of Customer’s Data

Q: What happened in the Panera Bread Data Leak?

Panera’s website accidentally exposed millions of customer records — names, emails, addresses, birthdays and last four digits of payment cards — visible on the site for months.

Q: How many customers were affected by the incident?

Panera reported fewer than 10,000 affected customers, but independent reporting estimated the number could be around 37 million records potentially exposed.

Q: Did the leak include full payment card numbers?

Panera stated that no full card numbers were obtained through the exposure; only partial card data (the last four digits) was reportedly visible.

Q: What immediate steps should Panera customers take?

Monitor bank and credit statements for suspicious activity, check and secure online account credentials, review loyalty balances, and consider changing passwords and enabling additional account protections.

Q: Will Panera notify impacted customers and investigate further?

Panera said it was investigating the incident and took its site down briefly to remediate the issue; affected customers should watch for official notifications and follow recommended security guidance.

Published by

Clara

Jan 4

Panera Bread Data Leak: Millions Exposed

If only there were a foolproof way to prevent data exposures. A fix as straightforward as placing an online order… ironically, that’s exactly what started this mess.

The tech experts at Panera Bread accidentally exposed millions of customer records for at least eight months, according to a KrebsOnSecurity investigation.

The cybersecurity outlet reports anyone who registered for an online account had their personal details — full names, email addresses, physical addresses, birthdays and the last four digits of payment cards — displayed in plain view on the Panera Bread website.

Reportedly, Panera was aware of the exposure as early as August 2017 but initially treated it as a hoax. Yikes.

Panera Bread Fixed the Exposure… For Now

Panera briefly took its website down yesterday to address the vulnerability, and after it returned online, customers’ information was no longer openly available.

Once the issue made headlines, Panera Bread asserted that under 10,000 customers were impacted — while KrebsOnSecurity estimates the number is closer to 37 million.

Panera says it will keep probing the incident and insists no complete card numbers were obtained through the leak.

Steps to Take if You Have a Panera Online Account

If you hold a loyalty card number, keep a careful eye on it, since those values were reportedly exposed in the Panera Bread incident as well.

Fraudsters might redeem any prepaid balances or points before you even notice. (You might want to use or transfer those rewards right away.)

Be cautious about giving out personal data, even to companies you trust, because, well, this is what can happen.

Unfortunately, beyond watching your credit and bank statements for odd charges, there isn’t much else to do at the moment.

This bakery’s screw-up doesn’t appear likely to disappear quickly, so keep an eye out for updates and consider reviewing your security settings and accounts tied to your online profile and online identity.

Also be aware that large restaurant chains have been targets before — for instance, other incidents like a pizza hut security breach show how widespread these problems can be.

Alex Monroe is a staff writer at Savinly. Mmmm, bread.