Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number — for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.
The data available in plain text from Panera’s site appeared to include records for any customer who has signed up for an account to order food online via panerabread.com. The St. Louis-based company, which has more than 2,100 retail locations in the United States and Canada, allows customers to order food online for pickup in stores or for delivery.
Equifax, which suffered a massive data breach in 2017 that exposed the personal information of nearly 150 million consumers, has been sending out erroneous notification letters to a “small percentage” of those affected, the company confirmed Monday.
Hackers breached the credit reporting agency’s records, exposing data belonging to millions of accounts monitored by Equifax. Since then, the company has been reaching out to people who were affected by the breach, offering free credit monitoring and other remediation efforts.
Read more on CNBC.