WaPo reports on a recent data breach at a popular restaurateur, and what that may mean for its customers:
The records belonged to customers who had registered for the MyPanera program to order food online. The details exposed included their names, email and physical addresses, birthdays, and the last four digits of user credit card numbers, according to the security news site KrebsOnSecurity. Customers’ Panera loyalty card numbers were also exposed, KrebsOnSecurity reported, which scammers could potentially abuse to spend prepaid accounts.
On Tuesday, Panera estimated that fewer than 10,000 customers had been affected by the leak. KrebsOnSecurity put the number at closer to 37 million, though experts say the true number of compromised records may never be fully known. Panera did not return a request for comment or for clarification on the nature of the data breach.
As with so many other data breaches, this one raises questions for consumers. In some respects, it has grown ever more difficult to avoid e-commerce transactions. Many people now manage their personal banking on mobile apps. And consumers appreciate the convenience of ordering goods online. Every relationship and transaction raises the possibility of a data breach.
This is going to continue until one of two things happens.
First, industry comes up with a technological solution in which the security portion of any given application is separate from the actual functionality that makes it useful. This would mean that the majority of your engineers needn’t learn the hard lessons about security; they can just focus on the functionality, performance, and scalability questions, which are already difficult enough to solve.
Second, society and the law change such that no one can write commercial-level code without a license. Naturally, every time one of these breaches occurs, those engineers who screwed up lose their licenses. At least temporarily. Let them go do fast food service for a while. Stop screwing up.
I have my doubts about the first solution, and the second will never happen. The future looks bleak for those folks who think giving up their personal information is worth a fast ham sandwich.
Not me. Not yet. I wonder how they’ll get me. What did I forget?