The North American chain of over 2000 bakery caf.s.com was exposed to a security vulnerability in August 2017. Security researcher Dylan Houlihan first reported the problem to Panera Bread eight months ago. The number of customer records exposed may total over 37 million. Security blogger Brian Krebs publicly revealed the problem eight months after it was first reported to them by a security researcher called Dylan Hoilihan. The vulnerability was still present on the delivery.panerabread.com website, which meant that details of any signed-up customers full names, email addresses, phone numbers, and the last four digits of their saved credit card numbers could be scooped up.”]
Source: https://www.bitdefender.com/blog/hotforsecurity/panera-breads-half-baked-security/