Panera Bread's website leaked millions of customer records for months, according to a report from KrebsOnSecurity.
According to the report, the records included names, email and physical addresses, birthdays and the last four digitals of customer's credit card numbers.
According to KrebsOnSecurity, a blog run by cybersecurity writer Brian Krebs, the information was available in plain text on the site and included customers who signed up for an account to order food online.
Security researcher Dylan Houlihan told Krebs that he notified Panera about the data leak in August 2017, but the company didn't do anything about about it until Monday. That's when Krebs reports the company took the website down and said it fixed the issue. The site is back online.
Right now, Krebs says it isn't clear how many Panera customers were exposed, but the number could be higher than 7 million.
In a statement to Reuters, Panera Bread Chief Information Officer John Meister said an internal investigation found that less than 10,000 people were affected.
“Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved,” Meister told Reuters.
Panera has more than 2,000 locations across the country.