Pizza Hut U.S. notified customers over the weekend a “temporary security intrusion” on PizzaHut.com, the security breach might have exposed payment card and contact information.
The popular restaurant chain notified users via email, according to Pizza Hut, the hackers had access to the website for a total of roughly 28 hours, between the morning of October 1, 2017 through midday on October 2, 2017.
“Pizza Hut has recently identified a temporary security intrusion that occurred on our website,” reads the email sent by Pizza Hut.
“We have learned that the information of some customers who visited our website or mobile application during an approximately 28-hour period (from the morning of October 1, 2017, through midday on October 2, 2017) and subsequently placed an order may have been compromised.”
“Pizza Hut identified the security intrusion quickly and took immediate action to halt it,” the company added. “The security intrusion at issue impacted a small percentage of our customers and we estimate that less than one percent of the visits to our website over the course of the relevant week were affected.”
All those users that placed an order in this time window could be affected, the company estimates that less than one percent of website visits during that week were impacted.
Some of those customers are angry because of the delay in the notification, some of them also faced problems with their payment cards.
— Peter Yoachim (@PeterYoachim) October 14, 2017
@pizzahut great security there & thanks for the delay in notifying us after thieves already charged our accts. Keep up the excellent work
— Michael Richardson (@marichardsonjr) October 14, 2017
— Dustin Falgout (@dustinfalgout) October 15, 2017
External cybersecurity consultants hired by the company determined that the attackers may have obtained information such as name, billing ZIP code, delivery address, email address, and payment card data, including card number, expiration date and CVV.
Pizza Hut estimates that less than one percent of website visits during that week were impacted.
“The security intrusion at issue impacted a small percentage of our customers and we estimate that less than one percent of the visits to our website over the course of the relevant week were affected,” read a message sent only to those affected. “That said, we regret to say that we believe your information is among that impacted group.”
A call center operator told McClatchy that about 60,000 people across the U.S. were affected.
The restaurant chain was already a victim of a security breach, in 2012 two hackers that went by the names of Oday and Pyknic defaced the company’s Australia website and claimed to have obtained roughly 260,000 Australian payment cards.
(Security Affairs – Pizza Hut, data breach)