At a time when public anger over privacy concerns has forced major tech firms such as Google, Facebook and Twitter to become more forthcoming in sharing information that concerns metadata of the users, cloud kitchen platform Freshmenu faced a backlash after the company reportedly failed to inform customers about a major data breach concerning their website.
In July 2016, Freshmenu was hacked and the data of approximately 110,000 users was stolen. The compromised data included names, device information, email addresses, phone numbers, residential addresses and their order histories.
The incident was reported by a website called as ‘Have I Been Pwned'. The site also revealed that Freshmenu was aware of the data breach but they chose not to report the incident to their users. Usually, after a website/app is compromised, users are advised to change their password for safety purposes. However, a similar protocol was not followed by Freshmenu.
The incident sparked a major furore online forcing the company to issue a statement.
Founder of Freshmenu Rashmi Daga apologised to the users of the website and admitted that they were aware of the breach but they believed it was limited to names, email id and phone number and since no financial data or password of the users was stolen they did not share the information of the data breach with them. In her statement Rashmi Daga admits, ‘it is clear in hindsight that we could have communicated this information to our users at that time’. Freshmenu has announced that it will now audit its system to strengthen its website.
Following the hack of sensitive data and Freshmenu’s failure to inform their users, several cyber law experts are of the opinion that the website can face lawsuits under the IT Act. Reports suggest, in case of a breach, companies are supposed to contact Indian Computer Emergency Response Team, however, it is unclear if Freshmenu reported this incident to ICERT or any other authority.
Online food ordering app Zomato too faced a similar situation last year as its website was hacked, but Zomato intimated to its users and asked them to update their security features.