India-based online food delivery platform, FreshMenu, came under fire after it was revealed that it hushed up a severe data breach that affected over 110,335 customers. The breach occurred on July 1, 2016, and the information was disclosed by ‘Have I Been Pwned’, a website that maintains a database of data breaches.
The ‘Have I Been Pwned’ (HIBP) site claimed that FreshMenu was aware of the breach but it decided not to disclose it to its customers. Around 75% of the affected customers' data was already available on the HIBP website.
The leaked data included the names, email addresses, phone numbers, home addresses, device information and order histories of customers. FreshMenu acknowledged being aware of the incident. Although the breach took place in 2016, the information was added to the HIBP database on September 10.
“When advised of the incident, FreshMenu acknowledged being already aware of the breach but stated they had decided not to notify impacted customers,” said HIPB, The News Minute reported.
FreshMenu founder Rashmi Daga apologized for the incident and ensured that the company will focus on enhancing its security to prevent any further breaches.
“Trust is integral to the relationship we share with you and we regret the event that led to this trust being compromised. At that moment, we believed that the since the breach was limited, we would focus on resolving the vulnerability and making sure that no further breaches happen,” said Daga, The News Minute reported.
The company also claims that no user password and payment card details were affected by the breach. FreshMenu and its team are currently working towards ensuring that the site is properly secured.
“Regardless, it is clear in hindsight that we could have communicated this information to our users at that time. Further on, we took immediate action and worked with AppSecure and Anand Prakash, India’s best known white hat hacker, to audit our systems and help us make our system’s security robust. Our team has worked harder to make sure the FreshMenu app and site are thoroughly secure, and our commitment does not end there. We work tirelessly on creating the best for you because that is our top priority,” Daga added.