A flaw on the Panera Bread website caused customer information to be leaked, including names, email addresses, birthdays and the last four digits of payment cards for those who had signed up to order food online, according to a report in Krebs on Security. Although Krebs estimated that more than 37 million customers could be affected, Panera’s chief information officer said in a statement to Reuters that the issue was resolved and that the leaks affected “fewer than 10,000 consumers.”
Panera suspended the website to repair the issue after being notified by Krebs on Security. However, as Krebs later noted, Panera’s fix still allowed those who logged into panerabread.com using a valid account to view customer information.
Eight months after the flaw was first reported to Panera, it remained unfixed, according to Krebs. The chain has 53 locations in Maryland, including Annapolis, Baltimore, Columbia, Hanover, Bel Air, Bethesda, Ocean City, Bowie, Rockville and Towson.
By Feroze Dhanoa, Patch National Staff, contributed to this article