UPDATED 23:15 EST / APRIL 03 2018


37M Panera Bread customer records found to be exposed to all and sundry

Some 37 million customers of the Panera Bread Co. may have had their personal information stolen after it was disclosed that the cafe chain left the data exposed on its servers in plain text for all and sundry to download.

The data breach was discovered by security researcher Dylan Houlihan. He said in a post on Medium Monday that he informed the company in August last year that the data was publicly accessible, but has gone public on the matter only now because Panera, eight months later, had taken zero action to secure the data.

The data includes the full name, home address, email address, food/dietary preferences, username, phone number, birthday and last four digits of a saved credit card, according to Houlihan. All of that could be accessed in bulk by any user who had signed up for an account.

Worse still, after initially dismissing Houlihan’s report of the data breach as a hoax, Panera subsequently admitted the breach and said it would be dealt with, but did absolutely nothing to fix it.

Panera denied the extent of the data breach, telling Fox News that “our investigation to date indicates that fewer than 10,000 consumers have been potentially affected by this issue, and we are working diligently to finalize our investigation and take the appropriate next steps.”

Roy Feintuch, co-founder and chief technology officer of Dome9 Security Inc., told SiliconANGLE that the Panera Bread incident is a textbook example of security crisis mismanagement.

“What we’re seeing is poor application security design that exposes internal resources, compounded by poor incident response, negligence and pure lies,” Feintuch said. “Even after the data exposure was purportedly fixed, folks were able to find open ports” using simple queries.

Photo: jeepersmedia/Flickr
