A security flaw in Panera Bread's website exposed records of millions of customer records -- including names, email and physical addresses, birthdays and the last four digits of the customer's credit card number.
On Monday, Panera Bread said it patched the security flaw. The problem is, however, that the data was exposed for a whole eight months before the company took that step.
Security researcher Dylan Houlihan told KrebsOnSecurity that he notified Panera about the security flaw on Aug. 2, 2017.
However, Houlihan reported that the site was still leaking customer records as of April 2, 2018.
"The flaw never disappeared," Houlihan told KrebsOnSecurity. "I checked on it every month or so because I was pissed."
"Panera takes data security very seriously, and this issue is resolved," Panera Bread Chief Information Officer John Meister said in a statement to FOX Business. "Following reports today of a potential problem on our website, we suspended the functionality to repair the issue. Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved."