Café de Coral customers’ information leaked in email mishap

Personal details of about 108,500 Café de Coral customers who signed up for a bonus point scheme were leaked to an outside party when the data was accidentally attached to an email, the restaurant chain said yesterday.

The leak, which happened on April 30, included names, phone numbers, email addresses and Octopus card numbers of customers who registered with the chain's Club 100 programme.

Café de Coral said in a statement yesterday the data was "inadvertently sent to a person outside the group in an attachment to an email that was mistakenly copied to that person".

The chain said it had immediately asked the recipient to delete the email and its attachment, adding that it had launched a review of procedures and systems to prevent a similar situation in future.

Café de Coral said it had reported the case to the police and the Office of the Privacy Commissioner for Personal Data and notified all affected members of the scheme.

"The group greatly regrets the unfortunate incident and takes it very seriously," it added.

In an email reply to the Post, the chain said it believed the likelihood of the information being misused was not high because the attachment did not contain any sensitive or financial data.