Rashmi Daga, founder of online food delivery platform FreshMenu, has apologised for hiding a data breach in 2016. Personal data of over 110,355 users were exposed in the data breach.
In a letter to SheThePeople.TV, Rashmi said: “You may have seen twitter posts and media articles about a data breach at FreshMenu back in 2016. I owe every user of FreshMenu a sincere apology for the breach and for not addressing this matter proactively. Trust is integral to the relationship we share with you and we regret the event that led to this trust being compromised.”
She added, “In that moment, we believed that the since the breach was limited, we would focus on resolving the vulnerability and making sure that no further breaches happen. The stolen information comprised of names, email-ids and phone numbers from a test server holding transaction information. At no point during this time was information such as user passwords or payment related information, breached. We have always worked with secure payment partners to store payment information in PCI DSS compliant systems on their side and that is absolutely safe. Regardless, it is clear in hindsight that we could have communicated this information to our users at that time.”
The data breach came to light after a report from Have I Been Pwned (HIBP), the data breach research platform built by security expert Troy Hunt. The platform claims the company was aware of a massive data breach, but decided to not go public.
New breach: FreshMenu had 110k customer records exposed in 2016 including names, phone numbers, order histories, physical & email address. FreshMenu was aware of the incident & elected not to disclose it to customers. 75% were already in @haveibeenpwned https://t.co/LGaAnj1hUA
— Have I Been Pwned (@haveibeenpwned) September 10, 2018
“Further on, we took immediate action and worked with AppSecure and Anand Prakash, India’s best known white hat hacker, to audit our systems and help us make our system’s security robust. Our team has worked harder to make sure the FreshMenu app and site are thoroughly secure, and our commitment does not end there. We work tirelessly on creating the best for you because that is our top priority,” said the Bengaluru-based founder.
According to HIBP, the breach revealed details, including names, email addresses, phone numbers, home addresses and order histories.
“FreshMenu began four years ago in my home kitchen with one simple purpose – to bring good food to your table, whenever and wherever you are hungry. Today, our aim remains the same, and our determination to serve you only gets stronger. I wanted users to have the world of food available at the push of a button, and the trust that it is being cooked fresh in a kitchen near them. Like with our food, in every aspect of our offering, our mission is to serve you as best as we can,” Rashmi has assured.