The Age is running a story today about Menulog potentially breaching the privacy of over 1.1 million customers. A screen shot shows an internal Menulog portal which Restaurants have access to. The data breach contained names, email addresses and addresses. This is a serious issue for the privacy of your customers, but it is a nightmare scenario if your competitors have accessed the database. Being able to access the contact details of customers who order online regularly would be a huge windfall for any restaurant prepared to email out to that list and the Menulog data breach may create that scenario.
The allegations of the data breach were made by Nicola Holden, an ex employee of Menulog now working for Pizza Fellas. There is a current legal battle between Pizza Fellas and Menulog around online understanding. Menulog has been in the press previously for brandjacking Restaurants online presence with fake websites, purporting to be the official Restaurant website.
The security flaw was found in the e-newsletter, which has since been shut down, however security experts who examined the issue stated that the system is vulnerable and not secure according to The Age.
Have your competitors profited from the Menulog data breach?
The big concern for Restaurants is if the contact details of their customers have been accessed by competitors. The email list of customers is a crucial part of any restaurants marketing plan and a significant part of the Intellectual property of the Restaurant. Restaurants can be sold for a higher value if it is sold with a large list of email addresses of customers and any access to that list could cause a large drop in profits if your competitors are emailing out to that list. Many struggling restaurants may be tempted to profit from the Menulog data breach and to run a campaign targeting customers in their area.
What Restaurants should do following the Menulog Data Breach.
Our advice for Restaurant owners using Menulog has always been to make an order with Menulog, ideally with a new email address that is not used for any other purpose and then monitored to see what emails and offers to other Restaurants Menulog is sending out. The number of promotional emails that Menulog send out can be quite large and it is important for a Restaurant owner to understand what offers are being sent from their competitors.
For those Restaurant owners who have followed our advice, they will be able to monitor the email account for offers from other Restaurants. If they receive any, they will know that the data has been breached and that their customer contact details are in the hands of their competitors.
For those who haven’t, we recommend making an order from your own website immediately with a new Gmail or other email account so that you can monitor what Menulog sends out and also you will be positioned in case the breach is still happening or it happens again.
Restaurants should talk to their customers and ask them to be on the look out for any emails from Restaurants that they have not previously dealt with. This could be an indication of the breach. Using an email address where consent has not been given is a breach of the ACMA anti spam laws and could result in action against any Restaurant that does use emails gained in this way.
Restaurants should report instances where they are able to see other restaurants contacts to Menulog and the privacy commissioner. Lastly, Restaurants should consider alternatives to Menulog.
Free alternative to Menulog
It is important to realise that Menulog is charging restaurants to take their customer contact details to build their own database – a database that may have been breached. The fees charged by Menulog are unsustainable for many Restaurants, and a free Menulog alternative was the number 1 request from our customers who do Take Away. Our Free Online Ordering system for Restaurants is the perfect alternative. It is free, and you get the contact details for every customer that orders from you. We believe that they are your customers and Marketing4Restaurants will never contact them, except for on your behalf with order confirmations or promotions for your Restaurant, not your competitors.
Update – Friday 1st April 09:02
Menulog released a blog this morning stating that they are aware of the software bug which was accessible to Restaurant partners. It occurred in very limited circumstances. They state that as far as they know it was only accessed by one Restaurant. This seems to indicate that they do not have logging of records access and only 1 restaurant reported it. Other restaurants who were able to access the data may have downloaded it to access the large number of emails available. The problem with a data breach like this is that the email list, if obtained, is out in the wild and can’t be recalled. This highlights the importance of Restaurant owners using Menulog (and Eat Now and Delivery Hero) each with a clean email address that isn’t used for any other purpose to be able to monitor if the email address is leaked.
There was no mention in the statement of the potential impact that this could have on Restaurants, either about the access to their customers contact details by their competitors or the decrease in orders from people concerned about the safety of their contact details.