Sometimes popular retail chains discover malware on their systems that is there to steal customer data. Sadly, this is very common. That’s what has happened at Panera Bread. The bakery-cafe chain has confirmed that its website suffered a data breach which likely affects over 37 million of its customers. To make matters worse, the chain knew about the hack for almost a year before disclosing this info.
Security publication KrebsOnSecurity reports that Panera Bread knew about the at-risk data, which includes emails, names, mailing addresses, birthdays, and the last four digits of customers’ credit cards, for almost a year before it took down the page that was leaking the data. When are these companies going to learn?
The data that was available in plain text from the company’s website includes records for any customer who signed up for an account to order food online through panerabread.com. I think it’s safe to say that their customers are not happy at all. Dylan Houlihan, a security researcher, initially notified the chain about the customer data leak back in August 2017.
The company initially dismissed the report as a possible scam. Apparently, the company later validated his findings and started working on a fix.