NewsBlog/News

Notification: Misdisplay of Personal Information Incident

TableCheck

TableCheck

Dec 2, 2024 - 2 min read

Notification: Misdisplay of Personal Information Incident

December 2nd, 2024
TableCheck, Inc.

TableCheck, Inc. identified a technical issue within the "Experience Pages" function of its reservation booking system, whereby under rare circumstances, certain personal information of a given user was mistakenly displayed to another user. We at TableCheck apologize sincerely for any inconvenience or concern this may have caused.

Overview

The "Experience Pages" functionality is a special function which displays the details of specific events and/or course plans on the reservation page within the TableCheck reservation system. A misconfiguration of the caching (temporary memory) settings resulted in a phenomenon where, in rare circumstances, one user’s personal information could have been mistakenly displayed to another user inside the form fields of the reservation booking form.

  • Date Identified: October 21, 2024

  • Scope of Impact: Out of approximately 11,000 venues using TableCheck, the issue was confirmed to potentially occur under specific conditions (described below) at 709 locations where the "Experience Pages" functionality was enabled

  • Estimated Occurrences: We estimate that the data of 500 or fewer users was misdisplayed, based on our internal simulation. Each data misdisplay occurrence would involve on average 1 or 2 other users viewing the misdisplayed data.

Important notes:

  • This incident does NOT constitute a data breach, mass-exposure, mass-theft of data, or similar cybersecurity incident.

  • TableCheck’s systems and data were NOT compromised or intruded upon as a result of this incident.

  • This incident could NOT have been exploited by a third-party to steal data in-bulk.

  • As of December 2nd, 2024, no unauthorized use of personal information or related damage has been reported in conjunction with this issue, and no evidence of malicious attempts to steal information by third parties has been found.

  • Due to our system structure, it is not possible to precisely identify all affected users.

Chronology of Issue Identification and Response

  • October 30, 2023: Launch of "Experience Pages" functionality

  • October 21, 2024, 12:34 PM: Internal monitoring identified the occurrence of the issue via specific posts.

  • October 21, 2024, 1:45 PM: The Operations Team initiated an investigation and reported to the Development Team.

  • October 21, 2024, 3:35 PM: The Development Team identified the cause.

  • October 21, 2024, 4:15 PM: Prepared a fix and began building.

  • October 21, 2024, 4:30 PM: Deployed the fix to the production system and implemented measures to prevent recurrence.

Misdisplayed Personal Information

  • Customer names, email addresses, and phone numbers entered during reservations via "Experience Pages."

  • The following were NOT exposed due to this incident:

    • Login passwords for TableCheck Accounts

    • Credit card and/or payment information

For clarity, it was NOT possible for a user to access another user’s TableCheck Account as result of this incident.

Current Status and Recurrence Prevention Measures

Current Status

  • As of 4:30 PM on October 21, 2024, the caching functionality was disabled, and operations are now running normally.

Reasons for the Delay in Public Disclosure

  • Time was required to determine the scope of the impact, including the number of instances where personal information was misdisplayed and the affected locations.

Recurrence Prevention Measures

  • Revised the server caching settings to ensure personal information entered during reservations is not cached.

  • Implemented a process where features related to caching are implemented and owned directly by TableCheck’s Information Security team, and reviewed separately by an application development team..

  • Conducted re-education sessions for the Technology Team on the importance of caching functionality and personal information protection, strengthening our information security framework.

Cause of the Issue and Conditions for Its Occurrence

This issue was caused by a misconfiguration in the caching process during the development of the "Experience Pages" functionality. The issue was confirmed to occur randomly only when ALL of the following conditions were met:

  1. A user accessed the "Experience Page" feature, which displays events or specific course plans in the TableCheck reservation system.

  2. Multiple users accessed the same server process for the same “Experience Page” instance among approximately 100 server processes within an approximate one minute timeframe.

  3. The users accessing the server were either (a) logged in to their TableCheck My Page account and/or (b) had made a reservation through TableCheck within the past month.

We at TableCheck deeply apologize for any inconvenience and concern this incident has caused our valued users. The protection of our customers' data is our highest priority, and we handle it with the utmost care and urgency. We are fully committed to preventing such incidents in the future and will continually work to strengthen and enhance our security practices.

For Inquiries

For Media Inquiries

TableCheck PR Department MAIL: tc-pr@tablecheck.com

For Users and Restaurant Partners

Customer Inquiry Desk MAIL: contact@tablecheck.com

Join the community of 10,000 restaurateurs
Join the community of 10,000 restaurateurs
Get free online marketing tips and resources straight to your inbox.
Unsubscribe anytime.
Thanks for subscribing!
Thanks for subscribing!
You’ll start receiving all the latest news from TableCheck straight to your inbox.
Sorry, there was an error.
Sorry, there was an error.
Stay connected
Stay connected
Follow the TableCheck Blog using your preferred feed format.
RSSATOMJSON
Back to listing
We use cookies to personalize content, to analyze our traffic, and improve your experience on our website. Read the Privacy Policy
I acceptNo, thanks

Contact us

Do you want to learn more about our platform? Contact us and we can set up a demo.

For diners with reservation, booking, amendment, or cancellation inquiries, please reach out to the respective restaurant directly or visit this page.

First Name*
Last Name*
Company
Country
Your Email*
Your Phone*
What best describes you?*
How did you hear about us?*

Website

Additional comments

I agree to the privacy policy.

*
Thank you for contacting us.
Thank you for contacting us.

Our team members will reach out to you shortly.

Sorry, there was an error.
Sorry, there was an error.

Please try again later.