A security expert says bakery-cafe chain Panera Bread had "millions" of customers' personal information available and searchable on its site for at least eight months, leaving them vulnerable to identity theft.

According to the blog "Krebs on Security,"  a plain-text page on Panera's website revealed the full names, email addresses, physical addresses, phone numbers, date of birth, dietary preferences, and last four digits of credit cards of customers who signed up for the company's delivery service.

The blog initially placed the number of customers potentially affected by the leak at "higher than 7 million," and later pegged it at 37 million. 

In a statement, Panera's chief information officer called the issue "resolved" and said that the leaks affected "fewer than 10,000 consumers."

News of Panera's data leak follows a security breach that exposed the email addresses, user names, and passwords of 150 million users of the fitness tracking app MyFitnessPal.