American fast casual restaurant chain Panera Bread has reportedly been hit by a data breach, leaking sensitive data of around 37 million customers who made transactions through its website over the last eight months, according to security news site KrebsOnSecurity.

KrebsOnSecurity reported that the leaked data included names, partial credit card information, email and physical addresses, birthdays and Panera loyalty card numbers.

Security researcher Dylan Houlihan notified Panera of the breach in August last year. Houlihan provided an account of his email contact with Panera’s director of information security, Mike Gustavison. However, Gustavison initially dismissed Houlihan’s report.

Following the notification, Gustavison ended the exchange with Houlihan by stating that Panera is ‘working on a resolution’.

Houlihan was quoted by KrebsOnSecurity as saying: “Panera Bread uses sequential integers for account IDs, which means that if your goal is to gather as much information as you can instead about someone, you can simply increment through the accounts and collect as much as you’d like, up to and including the entire database.

“No, the flaw never disappeared. I checked on it every month or so because I was pissed.”
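A defender's view of the pattern Houlihan describes, as an added example that is not part of the original article or of Panera's systems: because the IDs are sequential, a client walking them leaves a run of consecutive account numbers in the access log. The log format, the `/api/accounts/<id>` path and the `min_run` threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed access-log lines (not from the incident). The path shape
# /api/accounts/<id> is a hypothetical endpoint used only for illustration.
SAMPLE_LOG = """\
203.0.113.7 GET /api/accounts/1001 200
198.51.100.4 GET /api/accounts/5530 200
203.0.113.7 GET /api/accounts/1002 200
192.0.2.9 GET /api/accounts/40 200
203.0.113.7 GET /api/accounts/1003 200
198.51.100.4 GET /api/accounts/5530 200
203.0.113.7 GET /api/accounts/1004 200
192.0.2.9 GET /api/accounts/41 200
this line is malformed and must be skipped
203.0.113.7 GET /api/accounts/1005 200
192.0.2.9 GET /api/accounts/77 200
203.0.113.7 GET /api/accounts/1006 200
"""

LINE_RE = re.compile(r"^(\S+) GET /api/accounts/(\d+) \d{3}$")

def parse(log_text):
    """Yield (client, account_id) for each well-formed account lookup."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), int(m.group(2))

def longest_consecutive_run(ids):
    """Length of the longest run n, n+1, n+2, ... present in ids."""
    ids = set(ids)
    best = 0
    for n in ids:
        if n - 1 not in ids:  # n is the start of a run
            length = 1
            while n + length in ids:
                length += 1
            best = max(best, length)
    return best

def find_enumerators(log_text, min_run=5):
    """Map each client that touched >= min_run consecutive IDs to its run length."""
    seen = defaultdict(set)
    for client, account_id in parse(log_text):
        seen[client].add(account_id)
    runs = {c: longest_consecutive_run(ids) for c, ids in seen.items()}
    return {c: r for c, r in runs.items() if r >= min_run}
```

A production rule would also bound the run by a time window and key on session or API token rather than source IP alone.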

Initially, KrebsOnSecurity reported that the data leak could include sensitive information of seven million customers. The restaurant chain’s website has also gone offline after reports emerged of the possible data leak.

Following the reports from the online security firm, Panera later issued a statement saying that only 10,000 customer records were compromised.

However, the security news site reported that the data leak may involve more than 37 million customers’ data.

Panera allows customers to order food from its 2,100 locations in the US and Canada through its website.