Panera Bread Leak May Have Affected 37 Million Accounts

[rgMekanic]

On April 2nd we covered that Panera Bread had apparently left millions of customer information available, as plain text, for the last 8 months. Shortly after the story was published, Panera Bread gave a statement to FOX Business stating:

"Our investigation to date indicates that fewer than 10,000 consumers have been potentially affected by this issue, and we are working diligently to finalize our investigation and take the appropriate next steps."

Now, more data has come out according to the original source KrebsOnSecurity, that between the links they had found, as well as subsequent links share by Hold Security indicate that the breach may be far larger than the 7 million initially reported. Krebs states that the vulnerabilities may extend into Panera Bread's commercial division, which services catering companies. At last count, the number of records exposed exceeds 37 million.

 

[Gweenz]

It's more than they originally announced? No way!

 

[haste]

The only thing I am concerned with is how far back do the records go? I haven't eaten at a Panera Bread recently.

 

[raz-0]

It's more than they originally announced? No way!

The level of competency exhibited in this so far is laughable.

Panera: Serves up data in clear text.

Security dude: Please stop this it is bad.

Panera: fixed.

Security dude: Simply requiring that someone made a free panera account to reach the plain text customer data is NOT fixing it!

Panera: hunh?

 

[Gweenz]

The level of competency exhibited in this so far is laughable.

Panera: Serves up data in clear text.

Security dude: Please stop this it is bad.

Panera: fixed.

Security dude: Simply requiring that someone made a free panera account to reach the plain text customer data is NOT fixing it!

Panera: hunh?

I haven't read much about this particular breach, but that is absolutely pathetic, and not at all surprising.

 

[thesmokingman]

Where's that dude that was defending panera post after post in the other thread?

 

[Sedriss]

Screw Panera after they ruined my Italian Combo... But ya I would like to know how far back it goes. It's been almost a year or so since I ate there last.

 

[thesmokingman]

Talk about stretching the facts, " fewer than 10,000 consumers" equals 37 million.

 

[scojer]

So before it was only those with accounts. I haven't read up on it since, but is it anyone now? I don't have an account but ate there in the past 6 months. Did my CC info get compromised... again?

 

[Twisted Kidney]

Encryption is unnecessary to people who have nothing to hide.

 

[WhoMe]

37 million? No wonder this country has weight problem. I always pay cash at the grocery store so what I eat is between me and my checker and bagger. Same applies everywhere now. My favorite was reading about the data the marijuana sellers collect, and they are a cash business. This world is going to collapse into a black hole with the weight of all the data being collected everywhere.

 

[sparks]

appropriate next steps ROFL

just like the rest of these companies.....WE WILL MAKE EXCUSES while we cover our ass and customer, oh yea F the customer

 

[RPKYGK]

Who the hell gives their info to a bread store. What a world. Don't want to miss out on 99 cent dinner rolls I guess!

 

[Eickst]

What happened to the days of the punch out loyalty card? Why do I have to have an app

 

[danc3]

Applebee's, MyFitnessPal and now this...

Gonna stick with cash until companies take data and security more seriously.

 

[pgaster]

Talk about stretching the facts, " fewer than 10,000 consumers" equals 37 million.

You need to read the whole thing:

"Krebs states that the vulnerabilities may extend into Panera Bread's commercial division, which services catering companies. At last count, the number of records exposed exceeds 37 million."