ATLANTA, GA — A flaw on the Panera Bread website caused customer information to be leaked, including names, email addresses, birthdays and the last four digits of payment cards for those who had signed up to order food online, according to a report in Krebs on Security. There’s no word yet on which states had customers involved in the lapse.
Although Krebs estimated that more than 37 million customers could be affected, Panera’s chief information officer said in a statement to Reuters that the issue was resolved and that the leaks affected “fewer than 10,000 consumers.”
Panera suspended the website to repair the issue after being notified by Krebs on Security. However, as Krebs later noted, Panera’s fix still allowed those who logged into panerabread.com using a valid account to view customer information.
Eight months after the flaw was first reported to Panera, it remained unfixed, according to Krebs. The chain has 59 locations in Georgia, including Atlanta, Douglasville, Cartersville, Milton, Kennesaw, Roswell, Marietta and Woodstock.
By Feroze Dhanoa, Patch National Staff, contributed to this article
Photo by Juli Hansen/Shutterstock