CHARLOTTE, NC — A flaw on the Panera Bread website caused customer information to be leaked, including names, email addresses, birthdays and the last four digits of payment cards for those who had signed up to order food online, according to a report in Krebs on Security.
There’s no word yet on which states had customers involved in the lapse.
Although Krebs estimated that more than 37 million customers could be affected, Panera’s chief information officer said in a statement to Reuters that the issue was resolved and that the leaks affected "fewer than 10,000 consumers."
(Sign up for our free daily newsletters and Breaking News Alerts for the Charlotte Patch. Access Patch on the go with our iPhone app or our brand new app for Android phone users.)
Panera suspended the website to repair the issue after being notified by Krebs on Security. However, as Krebs later noted, Panera’s fix still allowed those who logged into panerabread.com using a valid account to view customer information.
Eight months after the flaw was first reported to Panera, it remained unfixed, according to Krebs. The chain has 66 locations in North Carolina, including 14 in Charlotte, as well as metro locations in Huntersville, Mooresville, Matthews, Indian Trail, Concord and Hickory.
Feroze Dhanoa, Patch National Staff, contributed to this article
Photo by Juli Hansen/Shutterstock