Skip to main content

Panera Bread’s data leak might affect more than 37 million customers

It’s getting to the point where no matter what kind of business you conduct, there is a very real risk of seeing your personal information leaked to nefarious parties. So far, hackers have gained access to banking, credit reporting, health insurance, email, and seemingly just about every other modern circumstance where your data is saved in a database. The latest: That soup and salad you ordered online at Panera Bread might have cost you some peace of mind.

According to KrebsOnSecurity, the food chain’s website was leaking information for a minimum of eight months, specifically the names, email addresses, physical addresses, birthdays, and last four credit card numbers for customers who placed online orders. The company has more than 2,100 restaurants throughout the U.S. and Canada, and that amounts to a huge number of potentially affected accounts.

Recommended Videos

The leak was first brought to Panera’s attention in August 2, 2017, by security researcher Dylan Houlihan. For whatever reason, the system was only taken offline on Tuesday, April 3, leaving a full eight months during which anyone with the appropriate knowledge could have scraped off the information and used it in a variety of potentially damaging ways. As KrebsOnSecurity indicates, the database’s format is such that customers could be easily searched and identified using any of the data.

As Houlihan put it, “Panera Bread uses sequential integers for account IDs, which means that if your goal is to gather as much information as you can instead about someone, you can simply increment through the accounts and collect as much as you would like, up to and including the entire database.” In Houlihan’s opinion, Panera did nothing to address the issue during the entire eight-month period.

The number of customers affected by the breach is uncertain. While Panera has stated that only 10,000 accounts were compromised and that the company requiring a valid account login to access the information would mitigate the problem, further information indicates that the number of affected customers could number in the millions. In fact, greater than 37 million customers records could be involved.

As always, if you are potentially affected by this data breach, you will want to keep a close eye on all of your credit, banking, and other activity. If you see anything suspicious, then contact the relevant companies immediately. You might also consider investing in an identity theft protection service that can help you keep an eye out for any privacy concerns.

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
OnePlus customer data stolen in second data breach in two years
oneplus 7t macro lens iphone 11 lacks cameras

Phone company OnePlus has suffered another data breach, with an undisclosed number of customer names, contact numbers, email addresses, and shipping addresses stolen by an unnamed hacker or group.

This comes less than two years after up to 40,000 customers' private information was stolen from OnePlus, leading to credit card fraud using customers' details. In this case, the breach only came to light when the issue of credit card fraud was raised by a user on the OnePlus forums. An investigation subsequently discovered a malicious script had been gobbling up customer credit card details when they were entered into the OnePlus website.

Read more
AMD’s Ryzen 7 9800X3D may not give Intel any breathing room
The Ryzen 7 7800X3D installed in a motherboard.

The competition between Intel Arrow Lake and AMD Zen 5 hasn't been as fierce as usual, with both lineups delivering small gen-to-gen improvements. However, it seems that AMD may soon add a staple to its list of the best processors, and the CPU might be announced at the worst possible time for Intel. I'm talking about the Ryzen 7 9800X3D, which now has a rumored release date alongside some performance benchmarks.

The release date speculation was initially shared on Bilibili, but the user has since deleted their post. However, the discussion continued on Chiphell forums, spilling the beans on both the official announcement date and the possible release date.

Read more
25 years ago, Nvidia changed PCs forever
The GeForce 256 sitting next to a Half Life box.

Twenty-five years ago, Nvidia released the GeForce 256 and changed the face of PCs forever. It wasn't the first graphics card produced by Nvidia -- it was actually the sixth -- but it was the first that really put gaming at the center of Nvidia's lineup with GeForce branding, and it's the device that Nvidia coined the term "GPU" with.

Nvidia is celebrating the anniversary of the release, and rightfully so. We've come an unbelievable way from the GeForce 256 up to the RTX 4090, but Nvidia's first GPU wasn't met with much enthusiasm. The original release, which lines up with today's date, was for the GeForce 256 SDR, or single data rate. Later in 1999, Nvidia followed up with the GeForce 256 DDR, or dual data rate.

Read more