Australian meat pie, sausage roll and pastie maker Patties Food Group is the latest company caught in a data leak, with thousands of documents including invoices, orders and banking information made available online via an unprotected database.
Cybersecurity researcher Jeremiah Fowler uncovered two separate databases with documents relating to Patties Foods. The first contains 496,296 technical records such as system errors, search queries and other diagnostic data, and the second contains more than 25,000 company invoices and distribution records.
Patties Foods owns Four’n’Twenty Pies. The company has been caught up in a data breach.
Patties Food Group operates the Four’N Twenty, Leggo’s, Lean Cuisine and Herbert Adams brands in Australia and also supplies hotels, restaurants and other hospitality providers with bistro items, desserts and finger foods.
Fowler said the documents were managed by service provider Provenio.ai, a Sydney-based start-up offering “AI-powered productivity” for the administrative operations of many well-known Australian companies.
This screenshot shows a Patties Foods invoice for almost $150,000.Credit: Jeremiah Fowler
“The exposed records contained a wealth of information that could have significant potential risks in the wrong hands,” Fowler said.
“The documents identified vendors, contacts, emails and banking information such as account numbers, invoice amount, supplier number, supplier name, invoice number, invoice amount, approval code, employee names and more.”
Fowler reported the leak to Provenio.ai, which he said acted quickly and professionally within hours to restrict access to the databases as soon as it was notified about the incident.
“We take cybersecurity seriously and engaged a NSW government-approved specialist cybersecurity firm, Cyberknox, to conduct a full forensic audit and investigation,” Provenio.ai executive director Simon Lupica told this masthead.