Written by Sean Lyngaas
Two months after securing a $33 million funding round from investors, food delivery startup Chowbus is grappling with a breach that observers say exposed personal data on hundreds of thousands of customers.
Customers reported receiving an email on Monday from Chowbus containing reams of customer data, including names, phone numbers and mailing and email addresses. The file is said to contain more than 800,000 rows.
Got an email from @ChowbusOfficial support with a link to their full user data dump. Columns include email, full name, and full address. File has ~800000 rows.
— Johnny Wang (@Johnny___Wang) October 5, 2020
The incident is a blow for a budding company that had recently attracted funding from Silicon Valley and New York venture firms alike. Founded four years ago in Chicago, Chowbus touts its app’s ability to connect diners with authentic and undiscovered Asian restaurants.
In an email to customers, Chowbus CEO Linxin Wen said the data had been “illegally accessed” and dumped online, but he did not say how. Credit card numbers were not compromised, Wen said.
“As soon as we became aware of this incident, our security team quickly took steps to start addressing the issue,” Wen wrote. He did not say what those steps were.
Have I Been Pwned, a data breach reporting service, said the data included 444,000 unique email addresses. Fifty-eight percent of the total dataset was already reported compromised by Have I Been Pwned.
Chowbus did not respond to requests for comment on Tuesday.