Online ordering service Menulog has faced criticism after it failed to notify its customers of a data breach that occurred back in April.
A change to the caching process on the website saw users being randomly logged in as other Menulog account holders.
This gave some users access to other people’s home addresses, purchase history, and mobile and email details.
Menulog did not notify its customers at the time, but did respond to individual users who complained about the login mishaps on Twitter.
@nickcola We found the issue and shut down our site straightaway. Are u able to call us on 1300 664 335, or DM your number for us to call u
— Menulog (@Menulog) April 9, 2016
Ngaire Stevens told Fairfax that while browsing Menulog on the night of April 9, the website did not recognise her account – instead logging her in as “Beth and “Peter”.
“We live in Fairlight, Sydney, and yet we were seeing what Beth in Melbourne had recently ordered,” Stevens said.
Upon clicking on what Stevens believed to be her account details, she instead saw the details of a Letitia in Dulwich Hill.
This is not the first instance of Menulog having issues with its customers’ data.
In February, a user reportedly logged in and discovered the data of more than one million customers.
How to win back trust after a data breach
Catriona Pollard, founder of CP Communications, told SmartCompany when businesses face data breaches, the most important thing is letting them know.
“Privacy and security is extremely important for all customers, it really should always be top of mind,” Pollard says.
“Companies must understand that privacy is business critical. At the very least, notify your customers to change passwords.”
Rebuilding customer trust can be difficult, but Pollard says there are ways to regain people’s confidence.
“In the first instance, you need to communicate with customers on how your business sees customer security,” Pollard says.
“Honest and upfront communication are the right way to build credibility and reputation again.”
SmartCompany contacted Menulog for a comment, but did not receive a response prior to publication.