Panera Bread announced this week that it resolved a data breach that exposed the personal information of thousands of customers. According to a report on The Verge, the company was first alerted to the issue by security researcher Dylan Houlihan eight months ago, but initially dismissed it as a likely scam. The breach left consumer data available in plain text and appears to include records for any customer who signed up to receive food via Panera’s website, panerabread.com. Exposed information includes individuals’ names, physical addresses, birthdays and the last four digits of the credit cards used.
No Explanation for Data Breach
Houlihan reportedly contacted Panera on Aug. 2, 2017, and then again a week later to follow up. Panera, in spite of initially being dismissive, eventually recognized he was right about the data breach and began working on a fix. The breach was fixed only this week. The company has offered no explanation for why it allowed the problem to exist for months after acknowledging that it was an issue back in August. The number of accounts affected by this breach may be as high as 37 million in spite of Panera’s assertion that only about 10,000 records were exposed.
The company has also said its investigation is continuing and that so far, there has been no evidence of the credit card information or a large number of records being accessed or retrieved. Panera is only one of several companies to have had significant data breaches in the past year. Travel website Orbitz was the victim of a data breach that might have exposed 880,000 customer credit cards. Thieves also stole Chipotle customer credit card information from restaurants in every state in which the chain operates.
What Can Customers Do?
If you suspect your information has been compromised, the first step is to determine what information was stolen. The least sensitive information is names and street addresses. The more sensitive information includes email addresses, dates of birth and payment card account numbers. If your online account has been compromised, change the password on the account right away. If you used the same password for any other accounts, change those as well and make up a strong, new password for each and every account.
Check your bank accounts and credit card statements to make sure there are no unauthorized charges. Get your credit report to check if there are any red flags there. If you have been affected by a data breach, contact an experienced California class action lawyer to obtain more information about pursuing your legal rights.