The growing list data breach incidents have already enraged the consumers. At every second, they feel themselves at the risk of leaking their personal data to some bad actors. What if they come to know years later that they have already had their details exposed to hackers? That’s where the organizations need to stay vigilant – to inform their customers about any mishaps that could pose them a threat. While we already witness such responsible disclosures from a number of firms today, still some businesses seem ignorant towards this aspect. FreshMenu is also one of them; recently, the Indian online food platform confessed a data breach that affected over 110,000 customers. Sadly, FreshMenu hid data breach for almost two years from its occurrence.
FreshMenu Hid Data Breach Happened In 2016
On September 10, 2018, the famous source for indexing breaches, HaveIBeenPwned.com, revealed a disturbing fact in a tweet. They disclosed that an online food ordering platform kept a data breach incident hidden from its customers for years. Reportedly, FreshMenu hid data breach that happened back in 2016 affecting more than 110,000 customers.
New breach: FreshMenu had 110k customer records exposed in 2016 including names, phone numbers, order histories, physical & email address. FreshMenu was aware of the incident & elected not to disclose it to customers. 75% were already in @haveibeenpwned https://t.co/LGaAnj1hUA
— Have I Been Pwned (@haveibeenpwned) September 10, 2018
As disclosed by HIBP, the data breach happened on July 1, 2016, affecting 110,355 customer accounts. Allegedly, the breached information included personal details of the customers along with order histories. This includes everything from usernames, email addresses, contact numbers, physical addresses, device information, and food ordering details. Nonetheless, FreshMenu did not mention physical addresses and order histories being included in the breached data.
FreshMenu Now Confesses To The Breach
Despite having a massive impact, FreshMenu kept the matter secret. In fact, according to HIBP, they deliberately chose not to disclose the breach.
“When advised of the incident, FreshMenu acknowledged being already aware of the breach but stated they had decided not to notify impacted customers.”
Nonetheless, the media hype ultimately made them confess the incident publicly. Recently, FreshMenu uploaded a detailed notice on their website explaining about the breach whilst apologizing to the customers.
“I owe every user of FreshMenu a sincere apology for the breach and for not addressing this matter proactively. Trust is integral to the relationship we share with you and we regret the event that led to this trust being compromised.”
Regarding why did they keep the matter hidden, they stated,
“In that moment, we believed that the since the breach was limited, we would focus on resolving the vulnerability and making sure that no further breaches happen.”
Nonetheless, they further assure that they immediately worked on fixing the vulnerability that caused data breach at that time. They confirm that the breached information did not include any passwords or payment details.
FreshMenu also stated that they contacted a reputed white-hat hacker to audit their systems for security. They also reiterate their commitment to ensuring site and data security to make their customers feel safe.
FreshMenu is an online food ordering platform based in India. The platform started off in 2014 and has since been serving customers in various cities of the country.
Take your time to comment on this article.
Latest posts by Abeerah Hashim (see all)
- Google Partially Steps Back From Chrome API Changes That Blocks Ad Blockers - February 21, 2019
- Cryptojacking Apps Removed From Microsoft App Store - February 21, 2019
- Facebook Awarded $25000 Bounty For Reporting a CSRF Vulnerability - February 19, 2019