Pizza Hut Australia is sending data breach notifications to customers, warning that a cyberattack allowed hackers to access their personal information.
The notification warns that the hacker gained unauthorized access to Pizza Hut Australia systems storing sensitive info for customers who made online orders, as well as partial financial data and encrypted account passwords.
“We became aware in early September of a cyber security incident where an unauthorized third party accessed some of the company’s data,” reads the notice sent to customers.
“We have confirmed that the data impacted relates to customer record details and online order transactions held on our Pizza Hut Australia customer database.”
The information that has been exposed to the network intruders includes the following:
- Full name
- Delivery address
- Delivery instructions
- Email address
- Phone number
- Masked credit card data
- Encrypted passwords for online accounts
The restaurant chain, which operates in 260 locations in Australia, says recipients of its notices “may wish to consider” updating their password despite being “one-way encrypted” in the database.
Moreover, the notice urges customers to stay vigilant for phishing attacks and suspicious links sent to them via unsolicited communications.
Ultimately, Pizza Hut says the incident only impacts a small number of its customers, and the Office of the Australian Information Commissioner (OAIC) has been fully informed about the situation.
The exact number of impacted customers was disclosed via a statement from a Pizza Hut spokesperson to The Guardian, stating that the incident affected 193,000 people.
Past incidents
At the start of September 2023, DataBreaches reported that the notorious data broker ‘ShinyHunters’ made claims about stealing the data of 1 million customers of Pizza Hut Australia.
The threat actor alleged they gained access via an unprotected Amazon Web Services (AWS) endpoint between July and August 2023, accessing a database with 30 million orders.
Pizza Hut Australia never responded to these allegations, so it is unclear whether the two incidents are in any way related.
Earlier this year, in January 2023, the owner of Pizza Hut, Yum! Brands, was targeted by a ransomware attack that forced the closure of three hundred locations in the United Kingdom.
In April 2023, the firm confirmed that the threat actors had stolen employee information from its networks, albeit it found no evidence that customers were affected by the data breach.