‘Trust is integral to the relationship we share,’ says company founder.

The owner of FreshMenu, an India-based food delivery service, has apologized for not informing customers of a data breach that took place in 2016.

News of the breach was first reported by Have I Been Pwned (HIBP) on September 10, with the site announcing that the FreshMenu incident exposed the personal data of more than 110,000 individuals.

Compromised details included customer names, email addresses, phone numbers, home addresses, and order histories. Payment card details were not affected, the company said.

While data breaches impacting the food and beverage industry are by now an all too common occurrence, what’s particularly worrying in the case of FreshMenu is that the company was aware of the breach but failed to alert its customers.

“When advised of the incident, FreshMenu acknowledged being already aware of the breach, but stated they had decided not to notify impacted customers,” HIBP said.

Not so fresh

After news of the breach started to make the rounds on social media, FreshMenu finally acknowledged the incident in an apologetic security update last night.

“I owe every user of FreshMenu a sincere apology for the breach and for not addressing this matter proactively,” said company founder, Rashmi Daga.

“Trust is integral to the relationship we share with you and we regret the event that led to this trust being compromised.

“In that moment, we believed that the since the breach was limited, we would focus on resolving the vulnerability and making sure that no further breaches happen.”

Daga noted that, since the incident, the FreshMenu team has been working to ensure the delivery app and site are “thoroughly secure”.

The Daily Swig has reached out to the company for additional comment.