Another day, another set of customers’ personal data being exposed.
Panera Bread, the fast-casual bakery-cafe chain, leaked the personal data of possibly millions of customers who ordered food online through panerabread.com for eight months, according to Krebs on Security, a cyber-security news blog run by journalist Brian Krebs. The leaked data included names, birthdays, emails, physical addresses and the last four digits of credit card numbers of customers who ordered food for delivery online, according to the blog.
While it is unclear how many customer records were compromised, Krebs said it “may be higher than seven million,” and later on Twitter noted that it could be closer to 37 million.
In a statement to Reuters, Panera Bread said it had resolve the issue and the leaked data impacted less than 10,000 people.
“Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved,” Panera Bread’s Chief Information Officer John Meister told Reuters.
A representative from Panera did not respond immediately to a request for comment from MONEY.
A number of companies in recent months have reported data breaches that compromised the personal information of millions of customers. Last week, Under Armor said that 150 million of its MyFitnessPal app users were impacted by a security breach. And over the weekend, a cybersecurity firm revealed that hackers stole the personal financial information of more than 5 million customers at Saks Fifth Avenue and Lorde & Taylor U.S.-based retail locations.