Skip to main content

Panera Bread’s data leak might affect more than 37 million customers

It’s getting to the point where no matter what kind of business you conduct, there is a very real risk of seeing your personal information leaked to nefarious parties. So far, hackers have gained access to banking, credit reporting, health insurance, email, and seemingly just about every other modern circumstance where your data is saved in a database. The latest: That soup and salad you ordered online at Panera Bread might have cost you some peace of mind.

According to KrebsOnSecurity, the food chain’s website was leaking information for a minimum of eight months, specifically the names, email addresses, physical addresses, birthdays, and last four credit card numbers for customers who placed online orders. The company has more than 2,100 restaurants throughout the U.S. and Canada, and that amounts to a huge number of potentially affected accounts.

The leak was first brought to Panera’s attention in August 2, 2017, by security researcher Dylan Houlihan. For whatever reason, the system was only taken offline on Tuesday, April 3, leaving a full eight months during which anyone with the appropriate knowledge could have scraped off the information and used it in a variety of potentially damaging ways. As KrebsOnSecurity indicates, the database’s format is such that customers could be easily searched and identified using any of the data.

As Houlihan put it, “Panera Bread uses sequential integers for account IDs, which means that if your goal is to gather as much information as you can instead about someone, you can simply increment through the accounts and collect as much as you would like, up to and including the entire database.” In Houlihan’s opinion, Panera did nothing to address the issue during the entire eight-month period.

The number of customers affected by the breach is uncertain. While Panera has stated that only 10,000 accounts were compromised and that the company requiring a valid account login to access the information would mitigate the problem, further information indicates that the number of affected customers could number in the millions. In fact, greater than 37 million customers records could be involved.

As always, if you are potentially affected by this data breach, you will want to keep a close eye on all of your credit, banking, and other activity. If you see anything suspicious, then contact the relevant companies immediately. You might also consider investing in an identity theft protection service that can help you keep an eye out for any privacy concerns.

Editors' Recommendations

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
OnePlus customer data stolen in second data breach in two years
oneplus 7t macro lens iphone 11 lacks cameras

Phone company OnePlus has suffered another data breach, with an undisclosed number of customer names, contact numbers, email addresses, and shipping addresses stolen by an unnamed hacker or group.

This comes less than two years after up to 40,000 customers' private information was stolen from OnePlus, leading to credit card fraud using customers' details. In this case, the breach only came to light when the issue of credit card fraud was raised by a user on the OnePlus forums. An investigation subsequently discovered a malicious script had been gobbling up customer credit card details when they were entered into the OnePlus website.

Read more
These TP-Link mesh Wi-Fi systems are up to 40% off right now
The TP-Link Deco mesh Wi-Fi system on a table.


If you're looking at router deals because your current one doesn't reach every corner of your home, you may want to take advantage of Amazon's ongoing discounts of up to 40% for TP-Link mesh Wi-Fi systems. TP-Link is one of the most trusted brands in the internet connectivity space, so you know that you'll be getting top-quality devices when you go for any of its mesh Wi-Fi systems. You're going to have to be quick with your purchase though, as the potential savings from these offers may be gone as soon as tomorrow.

Read more
My most anticipated laptop of the year just got leaked
Foz Do Arelho, Portugal, February 27, 2020 - Laptop, Camera, Pad and phone on a bench at the seaside. Image on the laptop screen saying digital nomad.

The hype for Qualcomm's Snapdragon X Elite laptops is building. Having seen what these machines can do in person already, it's safe to say that these are the laptops I'm most excited about this year.

And today, a leak has revealed what some of the first devices with this much-anticipated chip will look like. Recently shared on X by the usually reliable Microsoft leaker WalkingCat are photos of a new product being referred to as the "Yoga Slim 7 14 Snapdragon Edition."

Read more