Chicago

Extortion Scam May Have Started With Quest for Free Panera Bagel, Woman Says

Arlene Kaganove said she signed up for a “My Panera” rewards card to get a free everything bagel on her birthday, then she got an unusual letter

What one woman believes all started with a free birthday bagel from Panera quickly took an unexpected, and x-rated, turn as the 86-year-old woman was targeted in a new extortion scam.

Arlene Kaganove said she signed up for a “My Panera” rewards card to get a free everything bagel on her birthday.

“I am always signing up for whatever comes free on my birthday,” she told NBC 5. “Never anticipated it would lead to extortion letters.”

After signing up for the program, Kaganove said she started receiving a series of threatening emails, all detailing behavior some might consider a private matter.

“They say they have been watching me watch porn,” she said while laughing. “Which I find… hilarious.”

The emails say the sender recorded Kaganove watching porn, writing “Yep! It’s you doing nasty things!” The notes demand Kaganove pay $1,400 in bitcoin to get the recording.

“They told me I have very good taste in porn so I thought that was nice," Kaganove said

There was just one problem.

Kaganove said if anyone recorded her doing such things, “they’d see a little old lady cursing at the computer because it’s not doing what I want it to do.”

The Chicago woman, who has two masters degrees in chemistry and a law degree, said she didn’t bite.

“I said, ‘This is about the most bizarre thing. I have to go tell all my water aerobics buddies about this thing,” she said.

Kaganove believes she was targeted following her sign-up for the Panera rewards program, as the scammers cited her username and password in their letters.

The St. Louis-based company acknowledged in 2018 its website did leak customer data, a vulnerability that was called to its attention by a whistleblower. Leaked data included customer names, emails, physical addresses and birthdays.

The company said fewer than 10,000 customers were affected, though the whitsleblower says that number may have been higher.

Panera added the vulnerability in its site has been fixed but said an internal probe found passwords were not part of the exposed information.

“No MyPanera Rewards account passwords were exposed during the April 2018 incident,” Panera said in a statement. “We also went over our forensic records from last year and confirmed that Arlene’s account was not accessed improperly."

Kaganove said she wants to ensure no other potential targets fall victim to the scam.

“If they are sending six [letters] to me, they are sending a lot more to people,” she said. “I am sure someone is sending them money.”

Contact Us