Pizza Hut notifies card breach while users have already reported fraudulent transactions

Pierluigi Paganini October 16, 2017

Pizza Hut U.S. notified customers over the weekend a “temporary security intrusion” on PizzaHut.com that exposed payment card and contact information.

Pizza Hut U.S. notified customers over the weekend a “temporary security intrusion” on PizzaHut.com, the security breach might have exposed payment card and contact information.

The popular restaurant chain notified users via email, according to Pizza Hut, the hackers had access to the website for a total of roughly 28 hours, between the morning of October 1, 2017 through midday on October 2, 2017.

“Pizza Hut has recently identified a temporary security intrusion that occurred on our website,” reads the email sent by Pizza Hut.

“We have learned that the information of some customers who visited our website or mobile application during an approximately 28-hour period (from the morning of October 1, 2017, through midday on October 2, 2017) and subsequently placed an order may have been compromised.”

“Pizza Hut identified the security intrusion quickly and took immediate action to halt it,” the company added. “The security intrusion at issue impacted a small percentage of our customers and we estimate that less than one percent of the visits to our website over the course of the relevant week were affected.”

Pizza Hut Email security breach

All those users that placed an order in this time window could be affected, the company estimates that less than one percent of website visits during that week were impacted.

Some of those customers are angry because of the delay in the notification, some of them also faced problems with their payment cards.

https://twitter.com/marichardsonjr/status/919288658708049921

External cybersecurity consultants hired by the company determined that the attackers may have obtained information such as name, billing ZIP code, delivery address, email address, and payment card data, including card number, expiration date and CVV.

Pizza Hut estimates that less than one percent of website visits during that week were impacted.

“The security intrusion at issue impacted a small percentage of our customers and we estimate that less than one percent of the visits to our website over the course of the relevant week were affected,” read a message sent only to those affected. “That said, we regret to say that we believe your information is among that impacted group.”

A call center operator told McClatchy that about 60,000 people across the U.S. were affected.

The restaurant chain was already a victim of a security breach, in 2012 two hackers that went by the names of Oday and Pyknic defaced the company’s Australia website and claimed to have obtained roughly 260,000 Australian payment cards.

Many other restaurant chains reported suffering a security breach in the past months, including  Arby’sChipotleWendy’s, and Sonic Drive-In.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Pizza Hut, data breach)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment