Cyber Incident Victim: MenuSifu

Date: Oct 2020

Location: United States of America

Summary

A cybersecurity incident involving online ordering platforms used by hundreds of restaurants resulted in the compromise of approximately 343,000 payment cards. Attackers employed Magecart skimming techniques through two distinct platform models: one directly integrated with restaurant point-of-sale systems, affecting at least 70 establishments, and another operating as third-party infrastructure impacting numerous additional businesses. The breach, attributed to the "Keeper" hacking group, facilitated card-not-present fraud by intercepting transaction data. Subsequent reporting revisions by the investigating firm led to controversy over the removal of specific platform names, though the core findings regarding the attack methodology and scale remained unchanged.

Description

In early 2021, cybersecurity firm Gemini Advisory reported a series of breaches affecting five online restaurant ordering platforms between approximately October 2020 and April 2021. These breaches collectively exposed approximately 343,000 payment cards through Card Not Present (CNP) fraud. The compromised platforms operated under two distinct models. Three platforms—including Easy Ordering and E-Dining Express—provided direct ordering and point-of-sale (POS) infrastructure to individual restaurants, enabling attackers to steal payment data directly from at least 70 restaurants using these services. Two other platforms—Grabull and an unnamed entity—functioned as third-party ordering aggregators similar to Grubhub or DoorDash, indirectly exposing payment cards from hundreds of participating restaurants through their centralized infrastructure. The attacks were attributed to the "Keeper" hacking group, which deployed Magecart-based skimming techniques to harvest card data during online transactions.

The breaches impacted consumers and restaurants relying on these platforms, with stolen payment card details appearing for sale on dark web marketplaces. Gemini Advisory initially named specific platforms in their April 2021 report but revised the publication in early May 2021 following legal complaints, removing references to two entities while maintaining the core findings. DataBreaches.net updated its coverage to reflect these changes, noting the edits were not retractions or corrections. No specific containment measures or technical responses from the affected platforms were detailed in available reporting. The incident highlighted systemic vulnerabilities in third-party restaurant ordering systems during increased pandemic-driven online ordering, though forensic details about intrusion methods, detection timelines, or remediation efforts remained undisclosed publicly.
