Pizza Hut U.S. informed customers over the weekend that their payment card and contact information may have been compromised after cybercriminals breached its website.
Emails sent out by the restaurant chain to affected individuals describe the incident as a “temporary security intrusion” on PizzaHut.com.
According to the company, the hackers only had access to the site between the morning of October 1, 2017 through midday on October 2, 2017 for a total of roughly 28 hours. Customers who used the Pizza Hut website or mobile app to place an order during this period could be affected.
Pizza Hut said the breach was quickly detected and addressed, and it estimates that less than one percent of website visits during that week were impacted. McClatchy learned that roughly 60,000 people across the United States are affected by the incident.
The restaurant chain said its external cybersecurity consultants determined that the attackers may have obtained information such as name, billing ZIP code, delivery address, email address, and payment card data, including card number, expiration date and CVV.
Affected customers are being offered free credit protection services for one year. However, several people reported on social media that their payment cards have already been used for fraudulent transactions, possibly as a result of this breach.
While it’s not uncommon for companies to inform customers of a breach only after completing at least an initial assessment, some of the individuals who reported seeing unauthorized charges on their cards are displeased with the fact that it took Pizza Hut two weeks to send out the notifications.
This was not the first time hackers targeted Pizza Hut. Back in 2012, a group defaced the company’s Australia website and claimed to have obtained roughly 240,000 Australian payment cards.
Several major restaurant chains reported suffering a data breach in the past months, including Sonic Drive-In, Wendy’s, Cicis, Arby’s, Chipotle, Shoney’s, and Noodles & Company.
Related: Amazon’s Whole Foods Investigating Payment Card Breach
Related: Kmart Payment Systems Infected With Malware
Related: Over 200 Brooks Brothers Stores Hit by Payment Card Breach
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
- Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
- Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations
- Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances
- OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers
Latest News
- Chrome 114 Released With 18 Security Fixes
- Organizations Warned of Backdoor Feature in Hundreds of Gigabyte Motherboards
- Breaking Enterprise Silos and Improving Protection
- Spyware Found in Google Play Apps With Over 420 Million Downloads
- Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability
- Barracuda Zero-Day Exploited to Deliver Malware for Months Before Discovery
- PyPI Enforcing 2FA for All Project Maintainers to Boost Security
- Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack
