FreshMenu Hid Data Breach Affecting 110,000 Users
CEO Took Two Years to Acknowledge Incident
FreshMenu, a food delivery provider based in India, has come under social media attack for keeping under wraps a data breach two years ago that exposed the personal information of over 110,000 users.
The incident originally was brought to light in 2016 by data breach tracker HaveIBeenPwned, which discovered that the breach exposed names, email addresses, phone numbers, home addresses, and order histories, the Times of India reported on Wednesday. That news report led to the strong response on social media.
But some security experts argue not all breaches should result in notifications.
“All firms are hit by small breaches every now and then. One can’t keep panicking the customers by informing them about every breach,” says Sandeep Arora, co-founder at CyberImmersions Solutions, which provides training, education and consulting in cybersecurity, cyber law and privacy. “I feel if the breach is not directly causing a harm to customers, companies can take attention internally and make sure such things do not happen again.”