TGI Fridays Australia data breach highlights concern

By Nick Hall | 10 Sep 2019 View comments

The Australian arm of US-born casual dining franchise TGI Fridays is the latest brand to suffer a security breach. The TGI Fridays Australia data breach reportedly exposed sensitive information collected as part of the loyalty program, however the chain was quick to take action.

At present, TGI Fridays has a network of around a dozen restaurants in Australia, despite having an enormous presence internationally.

Details of the TGI Fridays Australia data breach emerged last week, with the chain since confirming the security concern had impacted an unknown number of customers.

In an email sent to all members of the loyalty program, viewed by Inside Franchise Business, the chain urged customers to change their MyFridays passwords, revealing that one of its servers had been exposed.

“We have engaged a dedicated Melbourne-based cyber security company to assess our data and systems, and can confirm that they have identified a potential exposure of personal information related to the MyFridays Rewards loyalty program,” the email read.

According to the email, TGI Fridays notified the Office of the Australian Information Commissioner (OAIC), confirming that all back-up files were no longer accessible.

“We take your privacy extremely seriously and sincerely apologise for this potential data exposure,” the email read.

Data breach

While the TGI Fridays Australia data breach is a concern for loyalty members, the chain is by no means alone in its battle against cyber attacks.

A number of big name franchisors have come a cropper to malicious attacks, which, according to national figures compiled by the OIAC are on the rise.

The vast majority of Australian cyber incidents are linked to compromised credentials, either through phishing scams, by unknown methods or by brute-force attack.

Angelene Falk, Australian Information Commissioner and Privacy Commissioner said attacks like these highlight the need for a consistent review of security systems, particularly when they involve a level of human interaction.

“The fact that there is a human factor involved in so many cases demonstrates the need for staff training to increase awareness of cyber risks and to take the necessary precautions,” Falk said.

Falk said she hoped raising awareness over cyber attacks would prompt a more proactive approach from the corporate community.

“Putting data breaches in the spotlight has heightened awareness of the privacy rights of consumers, who in turn are demanding greater security from the organisations with which they share information,” she said.