Data breaches have been in the news a lot lately, and now Panera is joining in on the action. Earlier this month, Panera Bread announced that it too had fallen victim to a data breach and acknowledged that sensitive “customer information was vulnerable on its company website for at least eight months.” However, of the company’s many customers, the breach seems to only have impacted records belonging to “customers who had registered for the MyPanera program to order food online,” and compromised personal details such as names, birthdays, email addresses, home addresses, and “the last four digits of user credit card numbers.” In addition, the affected customers’ “Panera loyalty card numbers were also exposed,” which has some worried that scammers might spend customer money on prepaid accounts.
How many customers were potentially affected by this latest data breach, though? For starters, while announcing details of the data breach, Panera officials “estimated that fewer than 10,000 customers had been affected by the leak,” though other agencies that specialize in investigating data breaches, like KrebsonSecurity, estimate that the actual number of affected customers “might be closer to 37 million.”
Unfortunately for consumers, data breaches like the recent one at Panera don’t appear to be going away anytime soon. Instead, some may argue that widespread data breaches will likely continue in the coming years as more and more consumers continue taking part in e-commerce transactions. Also, it’s no secret that more and more consumers are beginning to manage personal banking online or via mobile apps. All of this online and e-commerce traffic only increases the risk of more data breaches in the future.
Even loyalty programs such as the one impacted by the Panera breach are quickly becoming vulnerable to data breaches. For those who don’t know, loyalty programs “promise perks and convenience in exchange for personal data,” personal data that, as the Panera hack demonstrated, could fall into the wrong hands during a data breach.
So what are consumers to do? Is there any way to completely prevent your personal information from falling into the hands of hackers? Unfortunately, most people have some sort of web history and have inputted personal details, such as birthdates, addresses, and other information somewhere along the line. At the end of the day, it’s really up to consumers to determine what personal information they’re willing to forfeit for, say, a free breakfast sandwich from a loyalty program. Carrie Kerskie, an identity fraud expert at Hodges University, agrees and said that “it’s nearly impossible to rein in personal data once it’s already online.” She added that “consumers can judge for themselves whether they want to volunteer other degrees of information, like personal preferences and habits, that could be manipulated by anyone down the line.”
However, that’s not to say businesses shouldn’t bear some of the responsibility. If they’re offering programs requesting personal information, the least they can do is have proper security measures in place to offer some level of protection against data hacks.