UPDATED 23:15 EDT / APRIL 03 2018

37M Panera Bread customer records found to be exposed to all and sundry

Some 37 million customers of the Panera Bread Co. may have had their personal information stolen after it was disclosed that the cafe chain left the data exposed on its servers in plain text for all and sundry to download.

The data breach was discovered by security researcher Dylan Houlihan. He said in a post on Medium on Monday that he informed the company in August last year that the data was publicly accessible, but has only gone public on the matter now because Panera, eight months later, had taken zero action to secure the data.

The data includes the full name, home address, email address, food/dietary preferences, username, phone number, birthday and last four digits of a saved credit card, according to Houlihan. All of that could be accessed in bulk by any user who had signed up for an account.

Worse still, after initially dismissing Houlihan’s report of the data breach as a hoax, Panera subsequently admitted the breach and said it would be dealt with, but did absolutely nothing to fix it.

Panera denied the extent of the data breach, telling Fox News that “our investigation to date indicates that fewer than 10,000 consumers have been potentially affected by this issue, and we are working diligently to finalize our investigation and take the appropriate next steps.”

Roy Feintuch, co-founder and chief technology officer of Dome9 Security Inc., told SiliconANGLE that the Panera Bread incident is a textbook example of security crisis mismanagement.

“What we’re seeing is poor application security design that exposes internal resources, compounded by poor incident response, negligence and pure lies,” Feintuch said. “Even after the data exposure was purportedly fixed, folks were able to find open ports” using simple queries.

Photo: jeepersmedia/Flickr
