LOS ANGELES (CBSLA/CNET) – The popular restaurant chain Panera Bread exposed the personal information of its online customers for months before a website glitch was caught this week, according to a report.
The breach was not the result of a hack, but however allowed anyone who knew where to look to access the personal information for anyone who signed up for online food ordering through PaneraBread.com, according to KrebsOnSecurity.com, a site operated by cybersecurity expert Brian Krebs.READ MORE: Orange County Sees Drastic Spike In Anti-Asian Hate Incidents, Report Finds
That information, available in plain text, included customers’ names, emails, physical addresses, birthdays and the last four digits of their credit cards, Krebs said.
The leak was only caught Monday. Panera’s website was down as of Tuesday morning.
Security researcher Dylan Houlihan notified the company of the leak in August 2017, but the issue wasn’t resolved until Krebs reached out to Panera on Monday, Krebs said.READ MORE: LAFD Captain Victor Aguirre Sues Owner Of Downtown LA Building That Blew Up, Burning Him Catastrophically
The personal information was available on Panera’s website since at least last August, Krebs reports. It is unclear how many customers were effected.
Panera acknowledged the leak Monday, but disputes Krebs allegation that it had effected millions of customers. Panera claims the records of only about 10,000 customers were exposed.
“Panera takes data security very seriously and this issue is resolved,” said John Meister, Panera’s chief information officer, in an emailed statement to CNET Monday. “Following reports today of a potential problem on our website, we suspended the functionality to repair the issue. Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved.”MORE NEWS: Clippers’ New $1.8B Inglewood Arena, The Intuit Dome, Breaks Ground Friday
Panera Bread has about 2,100 restaurants in the U.S. and Canada.