Panera Bread's online customer portal, which stores the personal and financial details of anyone who's ordered a meal from the fast-casual chain online, has been compromised in a data breach, the company acknowledged earlier this week.
The comprised data includes physical and email addresses, birthdays, and the last four digits of customer's credit cards. Those affected included anyone with an account on Panerabread.com, according to the online security watchdog Krebs On Security. Adding an air of further controversy to it all, are signs that Panera knew about the data breach for nearly a year, but failed to take action to curtail it.
Per Brian Krebs' rundown, security researcher Dylan Houlihan initially informed Panera of the issue last August. After broaching the topic, Houlihan was told by the company's director of information security, Mike Gustavson, that Panera was "working on a resolution," via email a week later.