Home Chef Company Data Breach Affected 8 Million Customers

Are you a Home Chef customer? If so, be advised that the company recently announced a data breach.

It was discovered after the hackers who broke in sold more than 8 million user records on the Dark Web.

The group, calling themselves “The Shiny Hunters” has been busy of late.

They’ve been selling databases containing records stolen from a total of eleven different companies, with prices ranging from $500 to $2500 per database.

Home Chef was made aware that the database containing their customers’ information was available for sale nearly two weeks ago. However, the company waited an inordinate amount of time before coming forward and publicly announcing the breach, a delay which has cost them in the eyes of their customers.

Part of the company’s notice on their website reads, in part, as follows:

Protection of customer data is a top priority for Home Chef and we work hard to safeguard our customers’ information. We recently learned of a data security incident impacting select customer information.”

The FAQ accompanying the notification goes on to outline that the stolen data includes the following information. It included the customer names, email addresses, phone numbers, the last four digits of any credit card numbers on file, encrypted passwords, and a variety of other general profile information.

Home Chef stressed that only the last four digits of a customer’s card was accessed, and reiterated that they don’t store complete payment information in their databases.

That’s all well and good, but the company is finding it hard to convincingly sell the idea that protection of customer data is a top priority. After all, they waited two weeks to inform their customers that their information was for sale on the Dark Web. That is why, despite the fact that this breach is relatively small compared to others we’ve seen over the past twelve months, the company is taking flak for it.

In any event, if you’re a Home Chef customer, be sure to head to their website and see if yours was one of the accounts accessed. Even if it wasn’t, the prudent course of action would be to change your password at the very least.