Even after validating that the breach was real, eight months later, Panera Bread's site was still leaking customer records in plain text. These records "could be indexed and crawled by automated tools with very little effort." 

We see this all to often where companies refuse to take real responsibility when they make mistakes that lead to accidental data exposures. We receive similar responses where they deflect, deny and downplay the situation. What is it going to take for more companies to do the right thing?