Update: DataBreaches.net has received a statement from Uncle Maddio’s public relations firm in response to this site’s inquiry concerning a leak I had reported to them on December 15, and had attempted to follow up on a number of times since then. Their statement did not arrive before the publication deadline, and with personal information still risk, DataBreaches.net decided to publish the leak based on evidence provided to this site.
Uncle Maddio’s statement, received minutes ago from their public relations firm, disputes this site’s report that they had an exposed database:
Thank you for contacting Uncle Maddio’s Pizza. After investigating the information you provided from the third party and reviewing our information security standards and systems, we believe you may have us confused with another company. The information to which you refer does not correspond to the information we keep regarding our customers and employees. We take these claims seriously. We understand the immense importance of protecting information we receive from our employees and customers and have adopted standards and practices to protect that information, including separation of employee data from customer data, outside our payroll providers not storing SS#’s of employees and not storing credit card information. If you have additional information, please let us know.
In response, DataBreaches.net forwarded their statement and request to Chris Vickery so that he can provide them with more details or unredacted records that they can use to identify the source of the database.
If this is not their database, then DataBreaches.net owes them a profound apology and will issue a correction and public apology. But based on what this site saw, “Uncle Maddio’s” is all over that database. Perhaps they need to check with franchises?
Update to this update: In response to all the additional screen caps and evidence Chris Vickery sent them, Uncle Maddio’s PR spokesperson indicated that Uncle Maddio’s is “investigating and identifying outside experts to help them.”
DataBreaches.net hopes they do that quickly as SSN are still exposed.