Advertisement

Breach at food delivery service Chowbus reportedly affects hundreds of thousands of customers

The incident is a blow for a budding company that had recently attracted funding from Silicon Valley and New York venture firms alike.
Chicago-based Chowbus informed customers of the incident on Monday (Getty Images).

Two months after securing a $33 million funding round from investors, food delivery startup Chowbus is grappling with a breach that observers say exposed personal data on hundreds of thousands of customers.

Customers reported receiving an email on Monday from Chowbus containing reams of customer data, including names, phone numbers and mailing and email addresses. The file is said to contain more than 800,000 rows.

The incident is a blow for a budding company that had recently attracted funding from Silicon Valley and New York venture firms alike. Founded four years ago in Chicago, Chowbus touts its app’s ability to connect diners with authentic and undiscovered Asian restaurants.

Advertisement

In an email to customers, Chowbus CEO Linxin Wen said the data had been “illegally accessed” and dumped online, but he did not say how. Credit card numbers were not compromised, Wen said.

“As soon as we became aware of this incident, our security team quickly took steps to start addressing the issue,” Wen wrote. He did not say what those steps were.

Have I Been Pwned, a data breach reporting service, said the data included 444,000 unique email addresses. Fifty-eight percent of the total dataset was already reported compromised by Have I Been Pwned.

Chowbus did not respond to requests for comment on Tuesday.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts