{"id":651582,"date":"2026-06-06T07:14:45","date_gmt":"2026-06-06T05:14:45","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=651582"},"modified":"2026-06-06T09:23:40","modified_gmt":"2026-06-06T07:23:40","slug":"nandos-allegedly-hacked","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/651582-nandos-allegedly-hacked.html","title":{"rendered":"Nando&#8217;s allegedly hacked"},"content":{"rendered":"\n<p>A hacker has claimed to have breached Nando&#8217;s and is selling what they allege to be private data from Nando&#8217;s employees in the United Kingdom and Ireland.<\/p>\n\n\n\n<p>In a post on a notable hacker forum, the threat actor said that over 87,000 alleged private records from past and current Nando&#8217;s employees were on sale for $1,000 (R16,222).<\/p>\n\n\n\n<p>Founded in Johannesburg in 1987 by Portuguese-born Fernando Duarte and Robert Brozin, the company has grown to operate more than 1,200 outlets in over 30 countries.<\/p>\n\n\n\n<p>The first Nando&#8217;s outlet was a Portuguese-Mozambican restaurant, which the pair bought for R80,000 after trying its grilled chicken with peri peri sauce.<\/p>\n\n\n\n<p>Duarte and Brozin renamed the restaurant Nando&#8217;s after Duarte&#8217;s firstborn son. By 1989, the rebranded restaurant chain had three outlets in Johannesburg and one in Portugal.<\/p>\n\n\n\n<p>South African businessman Dick Enthoven bought a stake in the business early on by giving Duarte and Brozin a loan. Enthoven eventually acquired the whole business.<\/p>\n\n\n\n<p>In 1992, the chain was acquired by Enthoven&#8217;s holding company Capricorn Ventures International, and it opened its first outlet in the UK at Ealing Common, London.<\/p>\n\n\n\n<p>Enthoven&#8217;s son, Robby, was responsible for expanding the Nando&#8217;s chain into the UK, where it has become one of the country&#8217;s most popular fast-casual restaurants.<\/p>\n\n\n\n<p>Enthoven passed away in 2022, and his family now owns the Nando&#8217;s restaurant brand worldwide through their Luxembourg-based private investment group Yellowwoods.<\/p>\n\n\n\n<p>Aside from its locations in South Africa and the UK, Nando&#8217;s also has chains in African countries, including Botswana, Eswatini, Zambia, Zimbabwe, and Mauritius.<\/p>\n\n\n\n<p>In the Middle East, Nando&#8217;s had five restaurants in Bahrain as of March 2026. It had 8 branches in Qatar, 9 in Saudi Arabia, and over 19 branches in the United Arab Emirates (UAE).<\/p>\n\n\n\n<p>Its third largest market outside of South Africa and the UK was Malaysia, where the chain is well-known thanks to its iconic advertising that satirises contemporary local issues.<\/p>\n\n\n\n<p>It opened branches in Pakistan, Singapore, and India in Asia, as well as in Australia, Canada, Ireland, New Zealand, and the United States, where it opened its first outlet in 2008.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Nando&#8217;s employees in the UK and Ireland allegedly affected<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1200\" height=\"675\" src=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/Nandos-breach-Post-1200x675.jpg\" alt=\"\" class=\"wp-image-651585\" srcset=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/Nandos-breach-Post-1200x675.jpg 1200w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/Nandos-breach-Post-600x338.jpg 600w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/Nandos-breach-Post-768x432.jpg 768w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/Nandos-breach-Post-1536x864.jpg 1536w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2026\/06\/Nandos-breach-Post.jpg 1600w\" sizes=\"(max-width: 1200px) 100vw, 1200px\" \/><figcaption class=\"wp-element-caption\">Deep web post advertising allegedly stolen Nando&#8217;s employee information.<\/figcaption><\/figure>\n\n\n\n<p>Nando&#8217;s South Africa told MyBroadband that its systems were separate from its UK business and that its South African customers were not affected by the alleged breach.<\/p>\n\n\n\n<p>&#8220;Our South African customer and employee data is managed within these independent environments and remains secure and unaffected,&#8221; it said.<\/p>\n\n\n\n<p>&#8220;Safeguarding the confidentiality and integrity of any personal information is a core priority for our business.&#8221;<\/p>\n\n\n\n<p>The chain said that it maintained strict data protection standards across all of its internal and external platforms, in line with legislation such as the Protection of Personal Information Act (POPIA).<\/p>\n\n\n\n<p>MyBroadband also contacted Nando&#8217;s representatives in the UK for comment, but they did not respond by publication.<\/p>\n\n\n\n<p>The threat actor said more than 44 UK employees and 353 Irish employees were affected by the alleged breach, with their data up for sale.<\/p>\n\n\n\n<p>The post alleged that private data, such as full names and current employee business and personal emails, was in the dataset.<\/p>\n\n\n\n<p>It also supposedly contained employee mobile and landline numbers, roles within Nando&#8217;s branches, employment locations, cost centre information and job listing information.<\/p>\n\n\n\n<p>While Nando&#8217;s South Africa was not affected, if the leak is authentic, it would be the latest in a string of attacks affecting South African companies.<\/p>\n\n\n\n<p>MyBroadband recently reported that a threat actor <a href=\"https:\/\/mybroadband.co.za\/news\/security\/650222-pick-n-pay-delivery-app-breached-and-limited-shopper-credit-card-details-leaked-online.html\">acquired data from Pick n Pay Asap!<\/a>, the retailer&#8217;s on-demand delivery platform. The data was for sale on the deep web.<\/p>\n\n\n\n<p>Pick n Pay online executive Enrico Ferigolli confirmed that the data was legitimate and that it potentially affected private customer data from 2022.<\/p>\n\n\n\n<p>However, while the threat actor claimed to have full card details and CVVs for sale, Pick n Pay said the database only stored the last four digits of each card.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A hacker has claimed to have breached Nando\u2019s and is selling what is alleged to be private data from Nando\u2019s employees in the United Kingdom and Ireland.<\/p>\n","protected":false},"author":341213,"featured_media":651583,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[15227,199,12245,5380,63819],"class_list":["post-651582","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-cybersecurity","tag-hackers","tag-nandos","tag-pick-n-pay","tag-restaurants"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/651582"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341213"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=651582"}],"version-history":[{"count":8,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/651582\/revisions"}],"predecessor-version":[{"id":652569,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/651582\/revisions\/652569"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/651583"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=651582"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=651582"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=651582"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}