Researcher Spots Huge Holes in Panera's Online Security

Up to 37M customer records may have been exposed
By Rob Quinn,  Newser Staff
Posted Apr 3, 2018 2:41 AM CDT
Report: Panera Bread Leaked Info on 37M Customers
A passer-by walks near an entrance to a Panera Bread restaurant in Natick, Mass.   (AP Photo/Steven Senne, File)

Being light, airy, and full of holes is a good quality in an English muffin. Unfortunately for Panera Bread, their online security system seems to have similar attributes, According to the KrebsOnSecurity blog, a data breach may have exposed as many as 37 million customer records at the bakery chain for at least eight months, including the records of any customer who ordered food online from, which was taken offline late Monday. The blog says the exposed records include names, email and physical addresses, and the last four digits of customers' credit card numbers. Security researcher Brian Krebs says the information was available in plain text and could easily have been lifted by automated tools.

Krebs says he was informed of the breach by security researcher Dylan Houlihan, who shared emails showing that he first contacted Panera director of information security Mike Gustavison about the problem in August last year. John Meister, Panera's chief information officer, tells Fox that the company takes security very seriously and "this issue is resolved." He says there is no sign that a large number of records were retrieved and contrary to Krebs' report, the company believes fewer than 10,000 customers were affected. Gizmodo notes that more security issues, including exposed administrative logins, came to light after the Krebs report Monday night—and as a "kicker," Gustavison, the information security chief, directed security at Equifax before the massive breach that exposed data on 143 million Americans.
(More Panera Bread stories.)

Get the news faster.
Tap to install our app.
Install the Newser News app
in two easy steps:
1. Tap in your navigation bar.
2. Tap to Add to Home Screen.