Panera Bread's website leaked customer records for at least eight months, according to cybersecurity blog KrebsOnSecurity, which claimed that millions of accounts were affected. Panera Bread disputed that number, telling Reuters that the company believed fewer than 10,000 had been potentially affected.
KrebsonSecurity reported that the records included names, email and physical addresses, birthdays and the last four digits of customers' credit card numbers. The blog cited a security researcher who said he first told Panera about the vulnerable data on Panerabread.com back in August 2017.
"Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved," Panera Bread Chief Information Officer John Meister told Reuters.