Panera Bread Drops The Ball With Customer Data
Panera left customer data exposed for eight months after being notified about it, and then lied about when it was notified. Dylan Houlihan found the issue when he noticed that his own personal information was available through an unsecured API. The exposed information belonged to anyone who had signed up for an account to order food online through panerabread.com.
The company said it had been working on the issue for 8 months, yet it managed to fix it in two hours after being notified by KrebsOnSecurity and getting national attention.