According to HIBP (HaveIBeenPwned.com) who reported the data breach first said that the company suffered a massive breach in 2016.
HaveIBeenPwned.com is an online platform run by security researcher Troy Hunt which can be used by the user to check whether their personal data has been compromised or not.
The exposed data includes names, email addresses, home addresses, phone numbers, device information, and order histories.
When HIBP informed the company about the breach, they replied saying they were aware of the breach and decided not to notify the impacted customers.
“In July 2016, the India-based food delivery service FreshMenu suffered a data breach. The incident exposed the personal data of over 110k customers and included their names, email addresses, phone numbers, home addresses, and order histories. When advised of the incident, FreshMenu acknowledged being already aware of the breach but stated they had decided not to notify impacted customers.”
Rashmi Daga, the founder of FreshMenu, said in a statement on their website that the breach was limited and the company focused on resolving the vulnerability immediately to prevent further damage.
The company also confirmed Payment card data and customer credentials were not compromised in the breach.
“You may have seen Twitter posts and media articles about a data breach at FreshMenu back in 2016. I owe every user of FreshMenu a sincere apology for the breach and for not addressing this matter proactively. Trust is integral to the relationship we share with you, and we regret the event that led to this trust being compromised.” said in the statement published on the Freshmenu website.
Last year food delivering platform Zomato has also suffered a data breach exposing user data of 17 million customers.
You may be interested in reading:Mac Adware Doctor App Discovered Stealing Sensitive Information of Users