Panera Bread Drops The Ball With Customer Data
What happens when you hire the same person who was director of security for Equifax? You get all of your sensitive customer data exposed to the internet for everyone to see!
Panera left customer data exposed for eight months after being notified about it, and then lied about when they were notified about the issue. Dylan Houlihan found the issue when he noticed that his own personal information was available through an unsecured API. The exposed information belonged to anyone who had signed up for an account to order food online through panerabread.com.
They said they had been working on the issue for eight months, yet they managed to finally fix it in two hours after being notified by KrebsOnSecurity and getting national attention.