Data leak at Australian fast food giant Patties Foods exposes critical customer data! Learn what information may be exposed, the potential risks, and what you can do to protect yourself if you’re a customer.
Leading Australian food service provider and fast-food giant Patties Foods is facing a data leak controversy after Website Planet reported the exposure of sensitive customer information due to an unprotected database.
Reportedly, cybersecurity researcher Jeremiah Fowler discovered two non-password-protected databases containing 524,000 documents belonging to Patties Foods Limited, a renowned producer of edible products such as meat pies, sausage rolls, frozen fruits, etc.
The first database exposed a logging server with 496,296 records, including system errors, warnings, indexing operations, search queries, and cluster health status. The second exposed a separate cloud storage database with 25,800 invoices and distribution records in .pdf and .xls formats. Exposed internal logging records also contained project management software Jira’s support tickets, with information on issues and support requests’ status.
Further probing revealed that the IP address was managed by Provenio.ai, which facilitates AI-powered productivity for Australian companies’ supply chain back-office. Fowler sent a responsible disclosure to Provenio, and the company restricted access to both databases within two hours, thanked him and confirmed they were taking this incident “very seriously.”
The exposed databases contained a vast amount of information, including vendor, contact, email, invoices amounting to a “significant sum,” and banking details like account numbers, invoice amount, supplier number and name, invoice number and amount, approval code, communication between Patties and Provenio, and employee names, which could be valuable information for cybercriminals.
The duration of the exposure and potential access to these records remain unknown. However, if unauthorized access occurs, the information can put consumers at risk of scams like invoice fraud, which involves the manipulation of invoices to deceive businesses. Furthermore, criminals can exploit data leaks to launch fraudulent schemes by using non-public internal information, such as billing details and contact information.
In a statement to Hackread.com, Patties Foods confirmed that the leaked information was not maliciously accessed in any way.
“We have been notified by ProvenioAI, one of our third-party suppliers, that there was a temporary exposure to some of their systems which was quickly resolved. According to ProvenioAI, there has been no breach or no evidence that information has been maliciously accessed. We take cyber security extremely seriously and are working closely with ProvenioAI to ensure all data remains secure. We can confirm there has been no breach to Patties Food Group’s systems and there is no cause for concern.”
Patties Foods
By exploiting a company’s trust in its vendors, criminals can deceive businesses into making unwarranted payments. The presence of spreadsheets and invoices containing fleet and transportation information could provide criminals with additional inside information to enable fraudulent activities.
This incident occurred at a time when the Australian Cyber Security Centre (ACCC) warned about the risk of invoice scams targeting citizens by sending victims altered payment requests. In 2023, Australians reported losing $16.2 million to payment redirection scams.
Patties Foods customers should monitor their bank statements for suspicious activity, especially credit card transactions, change passwords for accounts used at the store, and be cautious of phishing attempts through unsolicited emails.