Panera breach – Fraud.org

Panera Bread has acknowledged that their online ordering system was the subject of a data leak. Customer information including names, email addresses, home addresses, birth dates and the final four payment card digits was compromised. The breach was first discovered in August 2017 and was fixed in April 2018.

Description of the breach: Security researchers estimate that more than 7 million Panera Bread customers have had their ordering data compromised. Individuals who ordered online, or used MyPanera over the past 8 months are likely to have had their names, email address, physical address, birthday, ordering habits, food preferences, and last four digits of their payment card compromised.

While Panera Bread disputes the size of the breach, users of Panera Bread’s online ordering system should be on the lookout for phishing emails. Due to the type of data that has been compromised fraudsters will be able to incorporate data such as past order historys, to lure victims into clicking malware-laden links or into divulging information like their full credit card number. In the coming days, Panera bread customers should be particularly wary of suspicious emails, and avoid clicking on links questionable links.

Data breach period: Prior to August 2017 to April 2018

More coverage of this breach: Krebs on Security and Fortune