A former security engineer for the online food ordering platform ChowNow is suing the company, alleging that only months after he was hired in 2024, he was fired for speaking out about allegedly lax protection for employees’ personal data and clients’ financial information.
Julio Nunez’s Santa Monica Superior Court lawsuit alleges wrongful termination, whistleblower retaliation, intentional infliction of emotional distress and a violation of the state Business and Professions Code. Nunez seeks more than $1 million in compensatory damages and $3 million in punitive damages.
A ChowNow representative did not immediately reply to a request for comment on the suit brought Thursday.
Nunez was hired as a senior engineering manager for security at the Culver City-based company in May 2024 at $240,000 a year along with stock options. He soon identified what he believed were serious security and compliance deficiencies within ChowNow’s information security environment, including the breach of personal employee data, the suit states.
Nunez reported his concerns in August 2024 and questioned the disabling of the incident response management module that he used to record issues of noncompliance within ChowNow, reasonably believing that doing so created unnecessary exposure of the platform’s clients’ sensitive financial information, according to the suit.
ChowNow also retained a cybersecurity vendor without performing a required risk assessment or obtaining an internal compliance review, the suit alleges.
Nunez also believes that ChowNow terminated its prior director and security program manager after similar complaints were made, which the plaintiff alleges shows a “pattern of suppressing compliance efforts and removing personnel who blew the whistle regarding compliance concerns.”
The same month Nunez spoke out, he was invited to what was called a “growth benefit” that actually turned out to be a meeting that included the human resources director, at which time the plaintiff was accused of conduct in violation of ChowNow policies, the suit states.
“Such a lie was clearly generated in an effort to create a pretextual reason to justify the adverse employment actions ChowNow had in store for plaintiff,” according to the suit, which further states that Nunez was terminated less than a day later.
Nunez contends that the reasons given him for his job loss were false and that the action was taken instead in retaliation for his speaking out about his personal information security concerns.
Not surprised. At one point they were also target of a ransomeware where a lot of their code directories were unprotected and freely accessible on the web. Not sure how they were getting through their PCI audits. Another mystery. Your data is not safe, do not use their platform.