Breach At Panera Causes Experts To Call Out Half-Baked Security Measures

April 13, 2018

By now, it’s likely you’ve heard about the data breach at Panera Bread, the wildly popular café and bakery. If not, yes there was indeed a breach…sort of. No one broke into the company’s network and stole the payment card information of what researchers think is more than 37 million customers. It didn’t even take any effort if someone wanted that information. That’s because the company left the data exposed to the world for over eight months. Anyone could have seen it with no real effort involved.

A researcher notified Panera last summer that there was a flaw on the website leaving the sensitive information exposed. After eight months passed and it wasn’t fixed, he went public. The website was taken offline almost immediately.

If you used your card at Panera in one of its 2,100 stores, online, or at its catering business (online or otherwise) within the past year or even further back, your data may have been included in this group. It’s unknown how long the data was left open for viewing. So as always, monitor payment card charges diligently. You can no longer afford to wait and do this monthly after your statement is released. Check in on charges far more frequently to make sure everything looks fine. If not, contact your card issuer. It’s pretty easy to do a quick check these days. There are mobile apps and online sites that take virtually no time to access. In addition, most payment card companies allow you to set alerts for charges. For example, you can request they send you a text if a charge over a certain limit is made to your card.

The lead security executive with Panera, Mike Gustavison, originally downplayed this incident, saying it affected “merely” 10,000 customers. As is now known, that is vastly understated. Security experts are calling on companies to pay more attention to securing their data and to take it more seriously. Within just a few weeks, there have been newsworthy breaches reported involving Under Armour/MyFitnessPal, Boeing, and retailer Hudson’s Bay Company, which owns Saks Fifth Avenue and Lord & Taylor.

Stickley on Security
Published April 7, 2018