TGI Fridays Australia
Summary
TGI Fridays Australia disclosed in September 2019 that it had exposed customer data from its loyalty program due to a system misconfiguration. The breach affected customers who had signed up for the restaurant chain's rewards program and compromised basic contact information and dining preferences. The incident was one of several Australian data breaches disclosed around the same period, contributing to rising breach notification statistics.
What Happened
Misconfiguration. TGI Fridays' customer loyalty program database was improperly configured, leaving member information accessible without adequate security controls. The exposed data included customer names, email addresses, phone numbers, dates of birth, and potentially dining preferences or order histories linked to loyalty accounts. The vulnerability may have existed for some time before being discovered during a security review or reported by an external party. The breach affected the Australian operations of the American casual dining chain.
Impact on Individuals
- Contact Information Exposed: Email addresses and phone numbers available for spam or phishing
- Birthday Details: Dates of birth useful for identity verification or social engineering
- Dining Preferences: Information about food orders and restaurant visits revealed
- Loyalty Account Access: Potential for unauthorised use of rewards points or benefits
- Marketing Impact: Possible increase in unwanted marketing or scam attempts
While the breach involved relatively low-sensitivity data, it nonetheless created privacy concerns and potential fraud risks for affected diners.
Response
TGI Fridays Australia immediately secured the exposed customer database and launched an investigation into the misconfiguration. The restaurant chain notified affected loyalty program members via email and reported the breach to the Office of the Australian Information Commissioner. TGI Fridays implemented enhanced security measures for its customer database and reviewed its IT security practices. The company advised affected customers to be alert for potential phishing emails or phone scams using their information. The breach highlighted the need for hospitality businesses to properly secure customer data collected through loyalty and rewards programs, even when that data may seem relatively low-risk.