First they have confirmed now that they have been breached and although they say that they had secured the data of the users, they said that protection has been broken (well if it was protection they surely didn't protect it sufficiently)
Secondly they have a real stupid security policy for protecting their password, because this was sent to me by some user
"After I realized I couldn't even order my damn pizza the way I wanted to, I wasn't able to delete my account...
Therefore, I changed my password to the most basic thing. Luckily I don't use this password anywhere else. I hope they don't have the old password stored somewhere else."
which proves that their passwords were stored in CLEARTEXT
thirdly we are talking about PROFILES with real names, real addresses and so on so this is in fact much more dangerous
and if it is so that the firm won't pay, will they pay for all the costs to change emailaddresses, phone numbers and eventually the adresses - imagine that their are adresses of judges, policemen and other people in it which have a protected address which shouldn't be published anywhere without their consent (this was the case in the 1 million SNCB dataleak)
they have sent an email to all their clients but have they shut down their services pizza.PNG
and they didn't mention anything about that on their site
I don't think they can have resecured their site that fast or they must have made such a stupid mistake that it was possible to correct it immediately and if that was the case, than they were negligent