This week in security assessment news, I decided to talk about NPR’s reporting on a Panera Bread website hack, entitled “For Months, Panera Bread Website Reportedly Exposed Millions Of Customer Records.” I decided to talk about this topic when my wife brought this article to my attention. I had to remark out loud, “Great, we aren’t safe from ordering food anymore.” Much like many other point-of-sale or retail attacks, hackers were able to make off with “customers’ first and last name, their date of birth, address, email address, phone number and the last portion of their credit card number” (Chappell, 2018). While this may not have affected a large portion of Panera’s customers, if you did any purchasing through their website, like calling in orders, it is likely your information was stolen. All in all, this attack further shows us how vulnerable our information is and how easily it can fall into the hands of a hacker.
While you may think that the theft of customer information might be the biggest thing in this article, it wasn’t. Panera knew about the attack for some time, and either failed to act against it or didn’t realize what kind of problem they had. It wasn’t until very recently that their website was taken down and likely patched to remove the ability to access this data. What is troubling is that Panera itself did not find the actual problem; it was a security analyst who discovered that Panera was not securing their data. He reached out to the company to illustrate the problems to them; however, Panera did not seem to care or take him seriously, and these reports were left unaddressed. This point illustrates the need for companies to take all security concerns seriously and investigate all claims, even if some come across as dubious. Instead, Panera now faces the possibility of being held accountable by a court, as they knew that this information was exposed and willingly chose not to do something about it.
The biggest takeaway from all this is not that our information is vulnerable on the web, no matter where you are. This is understood by most, and we put our information in other companies’ hands for safekeeping. The takeaway is that we need to make sure that these companies are keeping their side of the bargain and doing all that they can to keep our information secret and safe. Hopefully customers will now keep a keen eye on all the sites they use, and hopefully Panera has learned from their mistakes, putting the necessary steps in place to keep this from happening again.
Sources Cited:
Chappell, B. (2018, April 3). For Months, Panera Bread Website Reportedly Exposed Millions Of Customer Records. Retrieved April 4, 2018, from https://www.npr.org/sections/thetwo-way/2018/04/03/599135288/for-months-panera-bread-website-reportedly-exposed-millions-of-customer-records