03 Apr 2018

Panera Bread data leak of 7M customers

PaneraBread.com may have exposed customer names, email and physical addresses, dates of birth, loyalty card numbers, and the last four digits of credit card numbers. Panera is a St. Louis company with over 2,100 locations in North America.

The customers affected would be those who signed up to order food through the website. The exposure was originally identified on August 2, 2017 by researcher Dylan Houlihan, who found the records stored without any encryption. Houlihan said:

"Panera Bread uses sequential integers for account IDs, which means that if your goal is to gather as much information as you can instead about someone, you can simply increment through the accounts and collect as much as you'd like, up to and including the entire database."

Houlihan had reported this to Panera's director of information security Mike Gustavison back in the first week of August 2017.  

After it was confirmed this week that the exposure still existed, Panera's CIO John Meister was contacted by phone and the website was quickly taken offline.
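As an added illustration of the weakness Houlihan describes (example code, not Panera's or the researcher's), the snippet below contrasts an account lookup with no ownership check against a deny-by-default version, and adds a log check that flags a client walking consecutive account IDs. The account table, log lines, IP addresses and `/account/<id>` path are all constructed for the example.

```python
# Added example: sequential account IDs plus a missing ownership check
# let one user walk the whole customer table. All data below is constructed.
import re
from collections import defaultdict

# Constructed customer table keyed by sequential integers (the weak design).
ACCOUNTS = {
    1001: {"owner": "alice", "email": "alice@example.com", "card_last4": "4242"},
    1002: {"owner": "bob", "email": "bob@example.com", "card_last4": "1881"},
    1003: {"owner": "carol", "email": "carol@example.com", "card_last4": "0005"},
}

def lookup_unchecked(account_id):
    """Vulnerable pattern: any authenticated user can fetch any account."""
    return ACCOUNTS.get(account_id)

def lookup_authorized(session_user, account_id):
    """Hardened pattern: deny by default, release a record only to its owner."""
    rec = ACCOUNTS.get(account_id)
    if rec is None or rec["owner"] != session_user:
        return None
    return rec

# Matches a constructed access-log line: client IP, then the requested account ID.
LOG_RE = re.compile(r'^(\S+) .* "GET /account/(\d+)')

def find_enumeration(log_lines, min_run=3):
    """Detection: flag clients whose requested account IDs form a consecutive
    ascending run of at least min_run. Returns {client_ip: longest_run}."""
    ids_by_client = defaultdict(list)
    for line in log_lines:
        m = LOG_RE.match(line)
        if m:
            ids_by_client[m.group(1)].append(int(m.group(2)))
    flagged = {}
    for ip, ids in ids_by_client.items():
        run = best = 1
        for prev, cur in zip(ids, ids[1:]):
            run = run + 1 if cur == prev + 1 else 1
            best = max(best, run)
        if best >= min_run:
            flagged[ip] = best
    return flagged

SAMPLE_LOG = [  # constructed access-log lines, not real traffic
    '10.0.0.5 - - [03/Apr/2018:10:00:01] "GET /account/1001 HTTP/1.1" 200',
    '10.0.0.5 - - [03/Apr/2018:10:00:02] "GET /account/1002 HTTP/1.1" 200',
    '10.0.0.5 - - [03/Apr/2018:10:00:03] "GET /account/1003 HTTP/1.1" 200',
    '10.0.0.9 - - [03/Apr/2018:10:05:00] "GET /account/1002 HTTP/1.1" 200',
]
```

Random, non-guessable identifiers reduce the blast radius further, but the ownership check is the control that actually closes the hole; the log check is a compensating detection for the interval before the fix ships.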
