Database Mess Up: Aussie Food Giant Patties Foods Leaks Trove of Data

Data breach at Australian fast food giant Patties Foods exposes critical customer data! Learn what information may be exposed, the potential risks, and what you can do to protect yourself if you’re a customer.

Leading Australian food service provider and fast-food giant Patties Foods, is facing a data breach controversy after Website Planet reported exposure of sensitive customer information due to an unprotected database.

Reportedly, cybersecurity researcher Jeremiah Fowler discovered two non-password-protected databases containing 524k documents belonging to Patties Foods Limited, a renowned producer of edible products such as meat pies, sausage rolls, frozen fruits, etc.

The first database exposed a logging server with 496,296 records, including system errors, warnings, indexing operations, search queries, and cluster health status. The second exposed a separate cloud storage database with 25,800 invoices and distribution records in.pdf and.xls formats. Exposed internal logging records also contained project management software Jira’s support tickets, with information on issues and support requests’ status.

Further probing revealed that the IP address was managed by Provenio.ai, which facilitates AI-powered productivity for Australian companies’ supply chain back-office. Fowler sent a responsible disclosure to Provenio, and the company restricted access to both databases within two hours, thanked him and confirmed they were taking this incident “very seriously.”

The exposed databases contained a vast amount of information, including vendor, contact, email, invoices amounting to a “significant sum,” and banking details like account numbers, invoice amount, supplier number and name, invoice number and amount, approval code, communication between Patties and Provenio, and employee names, which could be valuable information for cybercriminals.

Screenshot from the leaked data provided to Hackread.com by WebsitePlanet.

The duration of the exposure and potential access to these records remain unknown. However, if unauthorized access occurs, the information can put consumers at risk of scams like invoice fraud, which involves the manipulation of invoices to deceive businesses. Furthermore, criminals can exploit data breaches to launch fraudulent schemes by using non-public internal information, such as billing details and contact information.

By exploiting a company’s trust in its vendors, criminals can deceive businesses into making unwarranted payments. The presence of spreadsheets and invoices containing fleet and transportation information could provide criminals with additional inside information to enable fraudulent activities.

This incident occurred at a time when the Australian Cyber Security Centre (ACCC) warned about the risk of invoice scams targeting citizens by sending victims altered payment requests. In 2023, Australians reported losing $16.2 million to payment redirection scams.

Patties Foods customers should monitor their bank statements for suspicious activity, especially credit card transactions, change passwords for accounts used at the store, and be cautious of phishing attempts through unsolicited emails.

****RELATED ARTICLES****

1. Aussie Travel Agency Data Leak Puts Tourists at Risk
2. Hackers Demand Ransom from Hacked Aussie Food Company
3. User data exposed in Australia’s 2nd-largest telecom firm breach
4. Aussie govt emergency service hacked to send fake warning alerts
5. Aussie Defence Force Communications Service Hit by Ransomware Attack