Subscribe
About
  • Home
  • /
  • Security
  • /
  • Our database wasn’t breached, says Nando’s

Our database wasn’t breached, says Nando’s

Samuel Mungadze
By Samuel Mungadze, Africa editor
Johannesburg, 24 Jul 2019

South African restaurant chain Nando’s, specialising in peri-peri-style chicken dishes, says an alleged data breach case reported in the news on Monday was in fact a human error.

According to Nando’s, a user posted a link containing personal information on social media (in direct contravention of the restaurant’s terms and conditions) which made the person’s data accessible.

“This matter has been swiftly handled, with the cached information/Web page removed from the Web.”

On Monday, it was reported by Twitter user, Jarn Athern, that the Nando’s FireStarter page may have leaked the personal details of at least one person.

According to Athern, Nando’s may have had security issues. The story was later picked up by media.

Now, the company says its investigation is almost over.

Nando’s says as a result of the news, swift action was taken by its team, and “there has been no impact to our business. Our Firestarters have been assured of the security of their personal information.”

Further, Nando’s says: “Our system and database have not been breached and therefore no details were tampered with. A cellphone number was discovered after a user shared a private survey link on a public platform more than five years ago. Unfortunately, the survey contained a cellphone number, resulting in unsolicited messages being sent from the person who stumbled across these details online.”

The company denies financial data belonging to customers had been compromised.

“Not at all. The only data made visible was a cellphone number and an e-mail address from two unrelated users. No personal information (such as name and surname) were made publicly available. Nando’s will never request customers’ financial information in a survey.

“The investigation is largely complete but we are still monitoring the matter very closely. We are awaiting final confirmation from Google that the cached survey pages were permanently removed – we expect this to come through today; however, the page is no longer visible. Once Google has formally communicated to us, we will circulate this confirmation to media.”

The restaurant says it is happy to share the findings publicly. 

“A Nando’s fan received an invitation to a Firestarters survey in May 2014. This was a private e-mail sent to a private individual. This fan partially completed the profile section of the survey and also posted a link to the survey on a public social media platform, which resulted in the survey still being publicly available. This action is against our survey terms and conditions.”

Nando’s adds: “Because the survey wasn’t completed and the link was posted on social media, the page was cached by Google and discovered over five years later by another user who then sent unsolicited messages. The cached page is no longer active. We await confirmation from Google on the permanent removal of this page and again, our database was not breached and this was a mere error by a user, and has been swiftly resolved.”

The popular restaurant operates over 1 000 outlets in 35 countries.

Share