Pizza Hut has notified customers they may be victims of a cyber attack.
In a notification letter sent out to an undisclosed number of customers, the fast food giant said a cyber security incident took place in early September where an unauthorised third party targeted some of the company’s data.
“We secured our systems, engaged forensic and cyber security specialists, and initiated an ongoing investigation to help us understand what occurred, and identify the data that was impacted,” the email read.
“At this stage, we have confirmed that the data impacted relates to customer record details and online order transactions held on our Pizza Hut Australia customer database.”
The company said this includes personal details such as customer names, delivery addresses, emails, and phone numbers. It also includes unusable masked credit card details and secured one-way encrypted passwords for customers with a Pizza Hut Australia user account.
The pizza chain also noted that the credit card details used could not be used to make fraudulent payments and that all credit card payments were “processed securely by an approved payment platform.”
Pizza Hut also confirmed that its operations were not compromised and the company would keep processing orders online or over the phone for customers.
“From our investigation and the steps taken in response to the incident, we believe there is only a small proportion of customers on our database whose personal information has been impacted. We have notified these customers as well as the Office of the Australian Information Commissioner (OAIC) of the incident.”
Cyber Criminals Also Target Parent Company
In early September, databreaches.net reported that hacking group ShinyHunters was behind the attack, having been able to access more than 30 million records with customers’ orders and the details of more than one million Pizza Hut customers.
“Shiny states that they are demanding $300,000 to delete all the data. ShinyHunters has a reputation for selling or leaking data when their victims don’t pay their extortion demands, and so far, Pizza Hut hasn’t responded to them at all,” the website reported.
The incident came after Yum! Brands, the parent company that owns KFC, Taco Bell, Pizza Hut, and The Habit Burger Grill revealed that it also suffered a data breach.
In January, Yum! Brands was targeted by a ransomware attack that resulted in the closure of nearly 300 restaurants in the UK in one day.
The operator faces multiple class action lawsuits from its employees who said their privacy was violated in the attack.
“While this incident caused temporary disruption, the Company is aware of no other restaurant disruptions and does not expect this event to have a material adverse impact on its business, operations or financial results,” the operator’s Form 8-K said.