Pizza Hut Australia confirms major data breach

SafeWise experts have years of firsthand experience testing the products we recommend. Learn how we test and review

Bell
UPDATE

20/09/23: Pizza Hut Australia has today confirmed the breach and issued a statement to customers, more than two weeks after SafeWise first reported the cyber attack.

In an email to customers, Pizza Hut Australia Chief Executive Officer Phil Reed claimed the incident only impacted a "small proportion" of customers, but apologised for any concern that it may have caused.

"We became aware in early September of a cyber security incident where an unauthorised third party accessed some of the company’s data," The email reads.

"At this stage of our investigation, we have confirmed that the data impacted relates to customer record details and online order transactions held on our Pizza Hut Australia customer database. This includes information such as a customer’s name, delivery address and instructions, email address and contact number, as well as unusable masked credit card data and secure one-way encrypted password (for customers with online accounts)."

"From our investigation and the steps taken in response to the incident, we believe there is only a small proportion of customers on our database whose personal information has been impacted. We have notified these customers as well as the Office of the Australian Information Commissioner (OAIC) of the incident."


Pizza Hut Australia has reportedly suffered a major data breach, with more than one million customers believed to be affected.

According to DataBreaches.net, the hacker group ShinyHunters gained access to 30 million order records via AWS (Amazon Web Services) as well as information on more than a million Pizza Hut Australia customers between one and two months ago.

To prove their claims, the hacker group provided DataBreaches with a sample file of 200,000 records containing sensitive customer information such as names, email addresses, passwords, home addresses, mobile numbers and credit card numbers. Fortunately, the credit card numbers and passwords were encrypted, but all other fields were in plain text.

ShinyHunters are demanding $300,000 to delete the data but have reportedly not received a response. If the ransom is not paid, it is highly likely (given the group's history) that the data will be leaked or sold.

Pizza Hut Australia has yet to confirm the breach and no notice has been given to customers as yet.

SafeWise Australia has reached out to the company for comment and will update if and when we receive a response.

The alleged hack is another in a long line of data breaches targeting Australians in the last year, many of whom are still on high alert after the Optus and Medibank cyberattacks.

Georgia Dixon
Written by
Georgia Dixon
Georgia Dixon has 10 years of experience writing about all things tech, entertainment and lifestyle. She has bylines on Reviews.org, 7NEWS, Stuff.co.nz and in TechLife magazine, and in 2023 she won Best News Writer at the Consensus IT awards. In her spare time, you'll find her playing games and daydreaming about good food, wine, and dogs.

Recent Articles