Panera's failure to disclose a known security breach: Difference between revisions
added sources and made other changes |
→Contact with Panera Bread: changed name |
||
| Line 8: | Line 8: | ||
}}{{Cleanup}} | }}{{Cleanup}} | ||
Back in 02 August 2017, security researcher Dylan Houlihan notified [[Panera Bread]] of the breach that allowed hackers to access over 37 million customers personal information via its website, however the company wouldn't take any action until 8 month later on 02 April 2018. This would eventually result in a lawsuit 3 days later, however it was eventually dismissed by the plaintiffs on June 2018.<ref>{{Cite web |last=Ms. |first=Smith |date=3 April 2018 |title=Panera Bread blew off breach report for 8 months, leaked millions of customer records |url=https://www.csoonline.com/article/565050/panera-bread-blew-off-breach-report-for-8-months-leaked-millions-of-customer-records.html |url-status=live |archive-url=https://web.archive.org/web/20250618211944/https://www.csoonline.com/article/565050/panera-bread-blew-off-breach-report-for-8-months-leaked-millions-of-customer-records.html |archive-date=18 June 2025 |access-date=29 March 2026 |website=CSO}}</ref><ref>{{Cite web |last=Chappell |first=Bill |date=3 April 2018 |title=For Months, Panera Bread Website Reportedly Exposed Millions Of Customer Records |url=https://www.npr.org/sections/thetwo-way/2018/04/03/599135288/for-months-panera-bread-website-reportedly-exposed-millions-of-customer-records |url-status=live |archive-url=https://web.archive.org/web/20250717104401/https://www.npr.org/sections/thetwo-way/2018/04/03/599135288/for-months-panera-bread-website-reportedly-exposed-millions-of-customer-records |archive-date=17 July 2025 |access-date=29 March 2026 |website=NPR}}</ref> | Back in 02 August 2017, security researcher Dylan Houlihan notified [[Panera Bread]] of the breach that allowed hackers to access over 37 million customers personal information via its website, however the company wouldn't take any action until 8 month later on 02 April 2018. This would eventually result in a lawsuit 3 days later, however it was eventually dismissed by the plaintiffs on June 2018.<ref>{{Cite web |last=Ms. |first=Smith |date=3 April 2018 |title=Panera Bread blew off breach report for 8 months, leaked millions of customer records |url=https://www.csoonline.com/article/565050/panera-bread-blew-off-breach-report-for-8-months-leaked-millions-of-customer-records.html |url-status=live |archive-url=https://web.archive.org/web/20250618211944/https://www.csoonline.com/article/565050/panera-bread-blew-off-breach-report-for-8-months-leaked-millions-of-customer-records.html |archive-date=18 June 2025 |access-date=29 March 2026 |website=CSO}}</ref><ref>{{Cite web |last=Chappell |first=Bill |date=3 April 2018 |title=For Months, Panera Bread Website Reportedly Exposed Millions Of Customer Records |url=https://www.npr.org/sections/thetwo-way/2018/04/03/599135288/for-months-panera-bread-website-reportedly-exposed-millions-of-customer-records |url-status=live |archive-url=https://web.archive.org/web/20250717104401/https://www.npr.org/sections/thetwo-way/2018/04/03/599135288/for-months-panera-bread-website-reportedly-exposed-millions-of-customer-records |archive-date=17 July 2025 |access-date=29 March 2026 |website=NPR}}</ref> | ||
==Contact | ==Original Contact== | ||
On 02 August 2017, Security Researcher Dylan Houlihan first contacted Panera Bread security director Mike Gustavison of a breach after finding it accidentally through their website, containing customers accounts information that includes full name, home address, email address, food preferences, username, phone number, birthday and last four digits of a debit/credit card in plain text.<ref>{{Cite web |last=Houlihan |first=Dylan |date=3 April 2018 |title=No, Panera Bread Doesn’t Take Security Seriously |url=https://medium.com/@djhoulihan/no-panera-bread-doesnt-take-security-seriously-bf078027f815 |url-status=live |archive-url=https://web.archive.org/web/20180403023125/https://medium.com/@djhoulihan/no-panera-bread-doesnt-take-security-seriously-bf078027f815 |archive-date=3 April 2018 |access-date=29 March 2026 |website=Medium}}</ref><ref>{{Cite web |last=Krebs |first=Brian |date=2 April 2018 |title=Panerabread.com Leaks Millions of Customer Records |url=https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/ |url-status=live |archive-url=https://web.archive.org/web/20180402220110/https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/ |archive-date=2 April 2018 |access-date=29 March 2026 |website=KrebsOnSecurity}}</ref> | On 02 August 2017, Security Researcher Dylan Houlihan first contacted Panera Bread security director Mike Gustavison of a breach after finding it accidentally through their website, containing customers accounts information that includes full name, home address, email address, food preferences, username, phone number, birthday and last four digits of a debit/credit card in plain text.<ref>{{Cite web |last=Houlihan |first=Dylan |date=3 April 2018 |title=No, Panera Bread Doesn’t Take Security Seriously |url=https://medium.com/@djhoulihan/no-panera-bread-doesnt-take-security-seriously-bf078027f815 |url-status=live |archive-url=https://web.archive.org/web/20180403023125/https://medium.com/@djhoulihan/no-panera-bread-doesnt-take-security-seriously-bf078027f815 |archive-date=3 April 2018 |access-date=29 March 2026 |website=Medium}}</ref><ref>{{Cite web |last=Krebs |first=Brian |date=2 April 2018 |title=Panerabread.com Leaks Millions of Customer Records |url=https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/ |url-status=live |archive-url=https://web.archive.org/web/20180402220110/https://krebsonsecurity.com/2018/04/panerabread-com-leaks-millions-of-customer-records/ |archive-date=2 April 2018 |access-date=29 March 2026 |website=KrebsOnSecurity}}</ref> | ||
[[File:Pandera Bread hack on website.png|thumb|Hacked Website]] | [[File:Pandera Bread hack on website.png|thumb|Hacked Website]] | ||