We became aware in early September of a cyber security incident where an unauthorised third party accessed some of the company’s data. At this stage of our investigation, we have confirmed that the data impacted relates to customer record details and online order transactions held on our Pizza Hut Australia customer database. This includes information such as a customer’s name, delivery address and instructions, email address and contact number, as well as unusable masked credit card data and secure one-way encrypted password (for customers with online accounts).
From our investigation and the steps taken in response to the incident, we believe there is only a small proportion of customers on our database whose personal information has been impacted. We have notified these customers as well as the Office of the Australian Information Commissioner (OAIC) of the incident.
Pizza Hut - Cyber Incident
Last edited 20/09/2023 - 13:26 by 1 other user
Related Stores
Comments
Free (upgradable) value pizza (pickup only) (sorry about your info getting hacked lol)
What freebie did Shopback give? ahaha
$3 or something.
$3 better than any other place that had a cyber incident (optus, medibank, etc)
@mrshorty: If that's your price to forgive having all your personal information, passwords, bank account numbers and partial credit card numbers stolen.
@Clear: Its not ideal but finding more and more places getting breached these days with some just giving an apology
@mrshorty: 10 years ago there was no obligation to even disclose such breaches. You're only hearing about them now because they have to.
What does this mean for people like me who log in via apple ID with the email obfuscation/forwarding?
Assuming you've never used that particular email alias for anything else, nothing.
If you notice more spam coming in from that alias, you can delete it and regenerate a new one.
Make sure you're not one of the idiots who still aren't using a password manager with uniquely generated passwords for every account in 2023.
I'm assuming you're already doing this since you're also protecting your main email address with disposable email aliases.
KeePass, and my databases are kept off-cloud ;)
Thanks for the info, I'll have a look for how to regenerate the aliases.
Found an idiot.
If you did a modicum of research, you would realise cloud sync and cross platform support are features on many password managers.
You would also realise that KeePass is one of many password managers and is not the only option.
If you have no idea what you're talking about, then don't bother talking.
@Ash Bowden: The entire point of a password manager is to remember one password and have randomly generated passwords for everything else so you can have security without having to memorise a large number of unique passwords.
If you did ANY research at all on password managers, you'd know this.
Looking forward to the day when you get caught in a data breach and have all your accounts compromised from using one password for everything.
What a Luddite.
Pizza who?
Hut.
It's right there.
Feel better?
You are receiving this email as you have made an online order with Pizza Hut Australia. This is not a marketing or promotional email from Pizza Hut Australia. Please read this important information carefully.
Dear Customer,
I am writing to you as a valued customer of Pizza Hut Australia to tell you about a cyber security incident that has impacted a small proportion of our customers.
What happened?
We became aware in early September of a cyber security incident where an unauthorised third party accessed some of the company’s data. At this stage of our investigation, we have confirmed that the data impacted relates to customer record details and online order transactions held on our Pizza Hut Australia customer database. This includes information such as a customer’s name, delivery address and instructions, email address and contact number, as well as unusable masked credit card data and secure one-way encrypted password (for customers with online accounts).
From our investigation and the steps taken in response to the incident, we believe there is only a small proportion of customers on our database whose personal information has been impacted. We have notified these customers as well as the Office of the Australian Information Commissioner (OAIC) of the incident.
Why are we telling you?
Based on our investigation and the steps we have taken to remediate the incident, you are not one of the small number of customers whose personal information has been impacted.
However, out of an abundance of caution we wanted to alert you to the incident, and take the opportunity to remind you of steps you can take to protect your information and avoid potential scams:
• Remain alert to any suspicious emails and SMS or telephone communications that are disguised to look like they come from someone you know or trust. Pizza Hut only sends you emails from [email protected], [email protected] or [email protected].
• Verify communications by confirming the identity of the sender. This includes checking email names and domains, by hovering your mouse over the sender’s email address.
• Do not open links that look suspicious. If you are unsure about a link sent to you by a company, you should go to the company’s website and look for the product or service that was offered.
• Be alert to phishing scams. This could include scams that target you through post, phone or email. Phishing scams are attempts by scammers to trick people into providing their personal information, including passwords, credit card numbers and/or sensitive personal information. Get further information about how to avoid scams at www.scamwatch.gov.au.
• While this isn’t a necessity as our passwords are secured with one-way encryption, you may wish to consider updating your Pizza Hut Australia password.
• Get further information about online safety, cyber security and helpful tips at www.cyber.gov.au.
• Read our Privacy Policy on our website here: https://www.pizzahut.com.au/privacy to learn more about how we handle the personal information we collect about you and how to reach out about your privacy.
Our investigation is continuing, and we will update you if any additional relevant information becomes available.
Our thanks and apologies
We value all our customers across Australia and all of us at Pizza Hut Australia thank you for your ongoing support. We understand the trust you place in us and I sincerely apologise for any concern that this incident may have caused.
Yours sincerely,
Phil Reed
Chief Executive Officer
Pizza Hut AustraliaFirst mentioned here
The main things to be concerned about are:
- Name if you provide your real name to Pizza Hut,
- Delivery address if you've ever ordered delivery or provided your address to Pizza Hut in some other way,
- Email address if you gave them your primary email address and don't use a disposable email alias/obfuscation service,
- Contact number, similar situation to email, expect more spam calls + texts,
- "Unusable masked" credit card data,
- "Secure one-way encrypted" passwords.
Those last 2 are in quotes because you're essentially trusting Pizza Hut's IT team to be able to accurately tell whose data has or hasn't been accessed.
You're also trusting them that the credit card data was masked correctly and cannot be reversed.
Same goes for the password encryption.
So a potential cyber criminal would be able to match your name with your address, email address and contact number. That can be pretty bad if you used your real name with your primary email address and primary mobile number.
You can ask your financial institution for a new card with a new number if you're feeling cautious or just monitor existing cards for weird transactions if you're not.
If you're one of the idiots who are still not using password managers for uniquely generated passwords for every account in 2023 and are still using the same password for everything, including Pizza Hut, you should change all your passwords now, starting with the most important first (primary email/s and financial institution logins).
The "instructions" are just the text field where you can type a message to the pizza chefs if you like your pizza a particular way. I don't think most people use this. I bet most of the messages are just insults, jokes and other rude stuff.
You can trust our encryption and credit card storage practices because of the professionalism of our security team (who has just been popped).
What if my life insurers gather information on just how much pepperoni I am consuming?
"The main things to be concerned about are:"
so basically everything
We should organize a class action suit. I want more free pizzzaaa 🍕
Another one bites the crust.
Someone's going to make some dough with all this info.
After Latitude I didn't really knead this.
Anyway, try and have a slice day.
I doubt anyone will be topping your post.
It's big and it's cheesy
I just got this email from the hackers.
We have your dirty secret. Pay us $10,000AUD in Bitcoin or we will tell all your friends that you have pineapple 🍍 on your pizza.
Just pay it. Not worth the loss of dignity.
Pineapple on pizza is the key to my heart. Or at least according to my wife.
We have your dirty secret
you order anchovies!! how could you?
All your salamis are belong to us!
This is why I only purchase online with stolen credit card numbers
same.
and i got it delivered to my stolen house, signed delivery proof by my stolen gf
Not the first time Pizza Hut has been unable to keep personal information secure.
If you wanted to check if your email has been part of a breach
https://haveibeenpwned.com/DEAL: Domino’s – $3.99 Large Pepperoni Pickup at Selected Stores (20 September 2023)
Hacker handle:
4d65696a446f6e3833
The email address I use for Pizza Hut was pwned long ago MyHeritage + Myspace + Twitter + several world of Warcraft pirated servers. It's used for stuff that I don't overly trust. Add this to the dominos one (hi it's Wendy/Sarah are you near X?) and I guess they will know that I really like pizza. lol
come on Domino you can do it
What is the status of my information?
From our investigation and the steps taken in response to the incident, we believe you are one of a small proportion of customers whose personal information has been impacted. >That said, it is important to note that there is no evidence that your personal information has been misused, and the data we hold cannot by itself by used to commit identity theft or fraud.
I'd better be getting a free pizza out of this.
If they pull a Shopback and give everyone a freebie, like a pizza everyone will forgive and forget quickly.