Panera Bread breach affected anywhere between 10,000 and 37 million accounts

“The security aspect of cyber is very, very tough,” a man once said while talking incoherently about cybersecurity and online threats. But that’s still a fact. Cybersecurity is difficult, especially if you don’t care about fixing critical issues that would allow hackers to steal sensitive data belonging to millions of customers.

Panera Bread apparently did just that. It ignored warnings that its website might be leaking data, leaving the vulnerability unpatched for eight months. When it became clear that the public would find out about it, the company came forward saying that 10,000 customers may have been affected by the security issues. The number, it turns out, may be closer to 37 million than to that 10,000, which appears to be an arbitrary amount.

It all started early last August when security researcher Dylan Houlihan notified the restaurant chain that its website was leaky. He discovered that user data for any customer who signed up to order food online, or to have it delivered, was available in plain sight. Information including names, emails, physical addresses, birthdays and the last four digits of a customer’s credit card number could be obtained by anyone browsing through the site. Panera loyalty card numbers were also exposed in the database. All that data was available in plain text form, and hackers could have accessed it pretty easily.

Houlihan’s warning was initially dismissed as a scam. Then, Panera Bread’s director of information security Mike Gustavison acknowledged the issue and told him that the company was working on a resolution. Hilariously, Gustavison worked at Equifax from 2009 to 2013 as a Director of Information Security.


2021 © True Pundit. All rights reserved.