Panera Bread Co. said late Monday that it had patched a vulnerability responsible for leaking millions of customer records onto the internet. According to security researcher Brian Krebs, the company was first notified of the vulnerability in August 2017 and fixed the problem Monday. Krebs wrote that the issue may have affected more than seven million accounts. The exposed records include names, dates-of-birth, email addresses and the last four digits of credit card numbers. MarketWatch was able to locate at least one staffer's account information via the leak prior to the company taking the system offline. According to Krebs, the data could be scraped from the site via automated tool and the records were of customers who had created accounts on Panera's website. "Our investigation is continuing, but there is no evidence of payment card information nor a large number of records being accessed or retrieved," Panera Chief Information Officer John Meister wrote in an emailed statement. Meister wrote that "fewer than 10,000 consumers have been potentially affected by this issue." The company did not respond to questions about why it took eight months to address the vulnerability.