October 9, 2020

To Our Chowbus Community:

Nothing is more important to us than serving our users and ensuring the best possible experience with Chowbus. As you may know, on Monday, October 5, 2020, Chowbus became aware of an incident involving the unauthorized disclosure of certain user information. We are taking this issue seriously, and we sincerely regret any inconvenience, concern, or frustration this may cause you. 

We value open and transparent communications with our community. Upon becoming aware of this incident, it was important to us to quickly communicate to you what we knew at that time. We recognize we didn’t have all of the answers then, and we appreciate your continued patience. We want to assure you our team is working diligently to investigate the incident, to gather the facts, and to take steps to help prevent something like this from happening again. 

We want to share with you the latest updates, based on our current review of the situation:

  • On October 5, 2020, we learned that two files containing Chowbus customer and restaurant data had been posted online, and a link to those files had been shared with our customers.

  • Immediately upon discovery of the incident, we initiated an internal investigation with the assistance of industry experts.

  • Based on our review to date, the customer information involved includes names, delivery addresses, phone numbers, and email addresses.

  • While the investigation is ongoing, we currently have no indication that payment information or passwords were involved. Chowbus uses a third party payment provider for processing payments. We do not store credit cards or any other payment information.

  • As a reminder, we do not request users’ birth dates, bank account information, or any government ID numbers – such as Social Security numbers – as part of the Chowbus registration process, and that information is not involved in this incident.

This incident is a reminder to all of us about the quickly evolving cyber landscape, and the importance of remaining vigilant. For our part, we are committed to taking additional steps to safeguard the information in our care. We use tools to monitor our systems and are continuing to identify opportunities to further strengthen our defenses. We are also working closely with cybersecurity experts as part of this assessment.  

We encourage you to remain vigilant as well. Chowbus will never email you to ask for your personal information. It is always good practice to be aware of any suspicious emails, and not to click on any unknown links or attachments, even if they appear to come from a person or company you know and trust. As a matter of best practice, please remember not to use the same password across multiple websites or applications. If you created your Chowbus account by using an email and password, you can reset your Chowbus password here. If you created your Chowbus account using Facebook, Google, or Apple login, your password is not stored within Chowbus systems.

We recognize you may have more questions, and we will do our best to answer them as more information becomes available. We will continue to work hard to earn your trust every day, and are grateful for your continued support and understanding as we navigate this situation.

Should you have any questions or concerns, please contact us at [email protected]

Linxin Wen

CEO & Co-founder