Pizza Hut Australia has fallen victim to a cyber attack, leading to the theft of customer data, including delivery addresses and order specifics, the company confirmed.
Phil Reed, CEO of Pizza Hut Australia, disclosed the Pizza Hut Australia data breach in an email to customers on Wednesday, stating that the company detected unauthorized third-party access to a portion of its data in early September.
The cyber attack on Pizza Hut Australia exposed sensitive customer information, including names, email addresses, phone numbers, and delivery addresses, further amplifying customer apprehensions.
Furthermore, for individuals holding a Pizza Hut Australia user account, the breach also encompassed encrypted credit card information and securely stored one-way encrypted passwords.
Pizza Hut’s widespread presence of more than 250 restaurants across the country has raised concerns among its customer base.
Pizza Hut Australia data breach breakdown
Phil Reed, the CEO of Pizza Hut, disclosed, “In early September, we became aware of a cyber security incident where an unauthorized third party accessed some of the company’s data. At this stage, we have confirmed that the data impacted relates to customer record details and online order transactions held on our Pizza Hut Australia customer database.”
Mr. Reed reassured, “The credit card details we hold cannot be used to make fraudulent payments, and all credit card payments are processed securely by an approved payment platform.”
Upon promptly discovering the incident, Pizza Hut took immediate action to protect their customers.
They enlisted the expertise of forensic and cyber specialists and initiated a thorough investigation to determine the full scope of the breach and identify the data that was affected.
The company has also reported the cyber attack on Pizza Hut Australia to the Office of the Australian Information Commissioner.
In a reassuring tone, the email stated, “It is important to note that there is no evidence that your personal information has been misused, and the data we hold cannot by itself be used to commit identity theft or fraud.”
However, in light of this breach, Pizza Hut is urging its customers to exercise vigilance against any suspicious texts, emails, or phone calls. They advise verifying incoming communications by confirming the sender’s identity.
Pizza Hut Australia Data Breach Highlights Fast Food Cyberattack Surge
Regrettably, this Pizza Hut Australia data breach incident is not an isolated case. The corporate and public sectors of Australia have been grappling with a surge in cyber attacks, resulting in the compromise of millions of individuals’ data.
This cyber attack on Pizza Hut Australia mirrors a growing trend of hackers targeting large-scale restaurant chains.
In a related incident, Yum! Brands, the parent company of KFC, Pizza Hut, and Taco Bell, recently began notifying individuals whose personal information was stolen in a January 13 ransomware attack.
The breach exposed sensitive details such as names, driver’s license numbers, and other ID card information.
According to reports from GBHackers, the perpetrators, known as ShinyHunters, allegedly infiltrated Pizza Hut Australia’s systems utilizing Amazon Web Services (AWS) through multiple entry points.
They claimed to have exfiltrated over 30 million records, which include customer orders and the personal information of more than 1 million customers.
What’s particularly concerning is that ShinyHunters purportedly operated with stealth, evading detection throughout the entire intrusion.
As evidence, they provided DataBreaches with two sample files. The first file contained records of customer orders totaling 200,000 entries, each including a wide array of order details, customer information, and payment data.
The second file, a JSON document, encompassed the personal details of 100,000 customers, including names, email addresses, postal addresses, longitude, mobile phone numbers, passwords, service type (delivery or pickup), and even credit card numbers.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.