Breach Brief – Panera Bread, Saks Fifth Avenue, Orbitz

Published On April 4, 2018 | By Tom Huskerson | Breach Briefs

Panera, a popular bakery-cafe has admitted its website was leaking a data. According to Brian Krebs of KrebsOnSecurity.com Panera allegedly failed to fix issues with its website it knew about for nearly eight months. Panera Bread has  has over 2,100 outlets nationwide. 

Cyber security researcher Dylan Houlihan notified the company of a data leak in early August 2017. Mike Gustavison, Panera director of information security was informed of the flaw and said the company “working on a resolution.” Despite this statement the flaw was not repaired. 

Data records that leaked out contain the names, email and physical addresses, birth dates and the last four digits of the credit card numbers of Panera customers. 

Only after Krebs spoke directly with Panera chief information officer John Meister was the site shut down briefly and the data secured.  The number of customers whose data may have been compromised is estimated at 37 million.

A statement from Panera Bread said; “Panera takes data security very seriously and this issue is resolved. Following reports today of a potential problem on our website, we suspended the functionality to repair the issue. Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved.”

The company urges its customers to alert for any fraudulent activity in the bank or credit accounts.

Saks Fifth Avenue/Lord & Taylor

Saks Fifth Avenue and Lord & Taylor reported a data breach affecting millions of its customers.

According to the company “a well-known ring of cybercriminals” had stolen more than 5 million credit and debit card numbers from customers. According to the New York Times the cyber criminals were able to pull off this massive heist by implanting software into the cash register systems.

Although it is early in the investigation the the hack appears to have only affected card numbers and not social security or driver’s license numbers.

The majority of the affected credit cards appear to have been used at Saks and Lord & Taylor stores between May 2017 and March 2018 and only in the New York-New Jersey areas stores. 

Both Saks 5th Ave. and Lord & Taylor are owned by the Canadian company Hudson’s Bay. The company issued the following statement;“We have become aware of a data security issue involving customer payment card data at certain Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores in North America. We have identified the issue, and have taken steps to contain it. Once we have more clarity around the facts, we will notify our customers quickly and will offer those impacted free identity protection services, including credit and web monitoring.”

Orbitz

The popular travel booking site Orbitz announced that its legacy site, Amextravel.com, was compromised due to a data breach.  Data of  880,000 customers was compromised from January 1, 2016 through December 22, 2017.

According to the company credit or debit card information was stolen along with personal information that includes the customer’s full name, date of birth, phone number, email address, physical and/or billing address and gender.  

Orbitz plans to notify all customers who’s information may have been compromised and  is providing potential victims a free year of credit monitoring services. Customers can contact Orbitz for the free service either online or by calling 855-828-3959 toll-free. 

 

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. He attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has returned to focus on writing both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle. Most recently Tom has launched the blog African American Cyber Report. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Leave a Reply

Your email address will not be published. Required fields are marked *