American restaurant chain Pizza Hut has notified customers of a data breach that might have exposed some of their personal and financial information.
On 14 October, the Italian-American cuisine franchise wrote to a portion of its customer base about an “unauthorized third party intrusion” involving its website. Pizza Hut thinks that the incident might have affected individuals who placed an order using the company’s website or mobile application during the 28-hour period stretching from the morning of 1 October to around midday on 2 October. If that’s the case, it’s possible the event exposed customers’ personal and financial information including their names, street addresses, email addresses, and payment card details.
The food chain goes on to say in its letter that it’s since terminated the instance of unauthorized access:
“Pizza Hut identified the security intrusion quickly and took immediate action to halt it. The security intrusion at issue impacted a small percentage of our customers and we estimate that less than one percent of the visits to our website over the course of the relevant week were affected. That said, we regret to say that we believe your information is among that impacted group.”
A Pizza Hut call center operator confirmed that the intrusion is believed to have affected 60,000 customers, reports The Sacramento Bee.
Upon learning of the incident, more than a few of these consumers took to social media. Many vented their frustration about having learned of the data breach two weeks after it occurred.
— Peter Yoachim (@PeterYoachim) October 14, 2017
if you had sent that sooner, i could’ve been more proactive about the fact that you allowed my card and billing info to be stolen.
— ᴄᴏᴜʀᴛɴᴇʏ. (@runawaywithit) October 14, 2017
@pizzahut great security there & thanks for the delay in notifying us after thieves already charged our accts. Keep up the excellent work
— Michael Richardson (@marichardsonjr) October 14, 2017
Such a delay isn’t necessarily a bad thing, however. Pizza Hut could have waited to notify customers to prevent other hackers from learning of the data breach. It could also have decided to forestall disclosure until it knew exactly how many customers were involved and what kinds of information the incident might have compromised.
Anyone who has received a notice from Pizza Hut should watch their bank accounts and credit statements for suspicious activity. If any unauthorized transactions pop up, they should notify their card issuer immediately.
News of this incident follows several months after Arby’s Restaurant Group, Inc. confirmed a breach of its payment systems at its corporate restaurant locations.