
Risk Report: Panera Bread


Hackers Won’t Ignore a Security Breach, Why Should You?


Recently, Krebs On Security reported that 37 million Panera Bread customers had their private information exposed for at least eight months starting in late 2017. Panera was forced to address the fact that its website was leaking customer information, which required the organization to take down its online ordering portal, a digital sales point responsible for 26% of its annual sales revenue.

Panera had been alerted to the security vulnerability eight months before news of the breach broke.

According to Krebs, Panera received a third-party tip in August 2017 from a security researcher, Dylan Houlihan, that its customer-facing website was insecure. The message sent to notify Panera included photographic evidence that the website was leaking customers’ personal information.

As a result of the vulnerability, hackers had unlimited access to data from customers who signed up for loyalty programs and who entered private information to order food online. Millions of user names, emails, addresses, phone numbers, dates of birth, partial credit card numbers and more were completely unprotected for at least eight months.

Despite the evidence and Houlihan’s consistent follow-up, Panera Bread’s Information Security Director, Mike Gustavison (former information security director of Equifax), told Houlihan that the company was working on a resolution, when it had actually elected not to investigate the vulnerabilities Houlihan documented.

After eight months of inaction from Panera, the leak went viral when Houlihan made his findings public on krebsonsecurity.com. Panera may face additional penalties for failing to address a known vulnerability.

Work with MCPc’s information security experts to design security programs that protect your employees and your data, and make your organization resilient in the event of a breach.

Protect the path of least resistance into your network with Fortress: Secure Endpoint Management. MCPc’s Fortress suite of managed services identifies cyber threats and monitors, patches, and backs up the devices used to run your business, 24x7x365.




