You used to walk into a restaurant and be met with a physical menu. But the COVID pandemic, along with various other things, changed this too, bringing about the wave of QR codes.
Now, you go inside a restaurant, a cafe, an amusement park, no matter where, a little placard with a QR code on it is just plopped down in front of us without any question. We are then expected to point our phone camera at it and load the menu directly onto our phones.
But what if that simple scan was handing over more than you bargained for?
This question has become one of public debate when a Pune woman posted a now-viral video on Instagram that stopped a lot of people mid-bite.
Her experience, unsettling, invasive, and unfortunately not unique, shines a harsh spotlight on something most of us had never thought twice about: the data trail left behind every time we scan a restaurant’s QR code menu.
What Did The Woman Reveal In Her Video?
On May 12, 2026, Instagram user Rishika Dutta (@imagebyrizz) posted on her page about “serious harassment”. She captioned the video writing, “Got a late-night text from a number I didn’t recognise- turns out visiting a certain spot on FC Road came with more than just a good time. Your data shouldn’t follow you home. Stay aware!!”
Rishika Dutta in her video, recalled her experience when on April 28, she visited a popular eatery on FC Road in Pune, Maharashtra.
View this post on Instagram
Like most customers there, she scanned the QR code on the table to browse the digital menu, a routine act that barely registers as noteworthy. But later that same night, she began receiving text messages from an unknown number.
After some investigation, she alleged that the sender was an employee at the very restaurant she had just visited.
She suspected that her phone number, likely collected through the QR-code-based ordering and menu system, had been accessed and misused by a staff member to reach out to her personally.
In her video, Dutta shared screenshots of her conversation with the employee, where the man can be seen asking to be “friends” with her as well as inquiring about her age.
The woman shared her concern over this, saying, “Just think about it, aaj sirf ek message tha. Aur agar ghar ki details daali hoti, to maybe tomorrow it would have been a knock on my door (Just think about it, today it was just a message. If I had given details of my house, then tomorrow it would have been a knock on my door.)”
Dutta also spoke about how, after she contacted the restaurant management and the GM about the issue, they said that the employee had been terminated from the entire franchise. However, she did add that no written confirmation of the action taken or formal apology was provided to her.
In her video, she said, “But maine jab uska termination letter manga, to that was against the policy. The next thing was, I told him, to give it to me in writing. Ask the HR to write me a formal email of apology or call me. That has not been done till date.”
Following the backlash, FC Road SOCIAL issued a public apology, writing under her post, “Hi Rishika, thank you for speaking up and bringing this to our attention. We’re truly sorry for what happened at FC Road SOCIAL. This should never have happened, and we completely understand why it felt uncomfortable.”
Read More: Why Is Spending Cash Physically More Painful Than Using UPI?
The restaurant also confirmed it had taken “immediate action” and claimed the employee in question had been terminated on April 29, the day after the incident.
“Guest safety and privacy are extremely important to us, and we are strengthening our internal processes to make sure something like this never happens again,” the statement read.
The incident ignited a much larger debate online. Several users shared similar experiences, one recounting a similar incident at a restaurant in a Navi Mumbai mall years prior.
Others questioned why customers are expected to hand over personal data, including phone numbers frequently linked to Aadhaar, simply to view a menu.
“Digital privacy has become a joke,” one commenter wrote, while another declared they had stopped visiting restaurants that don’t offer physical menus.
Another user wrote, “Privacy is just a word in the dictionary now, doesn’t mean what it’s meant to be!”
One commented, “I have stopped eating at restaurants that don’t have a paper menu. This obsession with digitisation needs to be resisted. More power to you!”
One also explained, “Yes, this is becoming very common, and I really suggest it to all the girls out there. Some people feel it is okay to take calls and pay bills. But this QR can get a lot of information. Even giving a number out loud in common places is very risky. Especially at these parties where we get our contacts in the guest list, you will find a lot of creepy people waiting for such opportunities. So better be safe and try to share your number of your guy’s, friend or your partner’s number.”
Are QR Codes Safe To Scan?
A QR (Quick Response) code is essentially a two-dimensional barcode that stores information, typically a URL or a string of data, that your smartphone’s camera can read and act upon.
They were invented in 1994 by a Japanese automotive company and have since exploded into everyday life, particularly after the COVID-19 pandemic made touchless menus a public health preference.
By 2023, global QR code scans had increased by 433% compared to 2021, according to research from Recorded Future’s Insikt Group.
Today, they appear on restaurant tables, parking payment, boarding passes, product packaging, bank statements, and even television advertisements.
Paul Keener, cybersecurity strategist at Guidepoint Security, explained a fundamental vulnerability in an interview with KLAS-TV (8 News Now), saying, “It’s very difficult for someone to look at a QR code and say that’s not legitimate.”
The Microsoft Digital Defense Report 2024 found that QR codes had become the second most popular phishing delivery mechanism globally, trailing only fraudulent links.
According to cybersecurity firm Keepnet Labs’ 2025 data, the average business loss from a successful quishing attack exceeds $1 million per incident, and only 39% of consumers can accurately identify a malicious QR code when presented with one.
The threat of hacking is only one part of the problem, with the other, quieter, more mundane risk being the deliberate and routine collection of personal data through QR-based ordering systems.
When a restaurant deploys a QR code menu that requires customers to log in, enter a phone number, create an account, or grant browser permissions, it is often building a customer database in the background.
This data, names, phone numbers, email addresses, and sometimes purchase histories, can be stored on vendor servers that may have inadequate security controls, accessed by staff with varying levels of ethical restraint, or sold to third parties for marketing purposes.
6 Ways to Stay Safe When Scanning QR Codes
Given that QR codes aren’t going anywhere, and neither are restaurants that rely on them, the question becomes: how do you protect yourself? Here are six practical steps to stay safe:
1. Preview the URL before you proceed.
2. Avoid entering personal information unless absolutely necessary.
3. Keep your phone’s operating system and apps updated.
4. Be alert to physical tampering. It could be a fake sticker placed over a legitimate QR code.
5. Don’t scan QR codes in unexpected communications, especially if they are urging you to act immediately.
6. Protect your accounts with multi-factor authentication.
The technology itself is not inherently dangerous. But trust, extended without verification, to systems without accountability, is.
Scan thoughtfully.
Image Credits: Google Images
Sources: Hindustan Times, India Today, Moneycontrol
Find the blogger: @chirali_08
This post is tagged under: QR Codes, QR Codes safe, QR Codes scam, QR Codes dangerous, QR Codes hack, Cybersecurity, digital payments, digital security, digital transactions, Online banking, online fraud, online safety, online scams, QR code security, Scam prevention, UPI, UPI payments
Disclaimer: We do not own any rights or copyrights to the images used; these images have been sourced from Google. If you require credits or wish to request removal, please contact us via email.
