Panera Bread Website Flaw Exposes Customer Information

Today’s topics include Panera Bread’s website leaking customer data, and Microsoft buying Forerunner Software technology for Power BI reporting.

In an April 2 post on Medium, security researcher Dylan Houlihan said he discovered an issue last year in restaurant chain Panera Bread’s website that could have enabled anyone to access personally identifiable information about customers. He said he contacted Panera Bread in August 2017 about the issue, but the company did not fix it.

Panera is downplaying the extent of the leak, claiming the issue has been fixed.

Security blogger Brian Krebs concluded that upward of 7 million customer accounts may be at risk from the flaw.

However, Panera Bread CIO John Meister told eWEEK, "There is no evidence of payment card information nor a large number of records being accessed or retrieved. Our investigation to date indicates that fewer than 10,000 consumers have been potentially affected by this issue and we are working diligently to finalize our investigation and take the appropriate next steps."

Looking to grow its Power BI business intelligence and data analytics ecosystem, Microsoft has acquired enterprise report rendering technologies Forerunner Mobilizer and Forerunner Report Viewer from technology firm Forerunner Software.

Forerunner Mobilizer enables organizations to turn business insights from Microsoft SQL Server Reporting Services into reports that can be viewed on a variety of mobile devices. Forerunner Report Viewer can be used to embed reports derived from Microsoft SQL Server Reporting Services into web applications.

Power BI Senior Program Manager Christopher Finlan said Forerunner's technology will use client-side rendering capabilities to pave the way for SSRS reports in the Power BI service.