Article Details
Scrape Timestamp (UTC): 2023-09-21 16:53:43.830
Original Article Text
Click to Toggle View
Pizza Hut Australia warns 193,000 customers of a data breach. Pizza Hut Australia is sending data breach notifications to customers, warning that a cyberattack allowed hackers to access their personal information. The notification warns that the hacker gained unauthorized access to Pizza Hut Australia systems storing sensitive info for customers who made online orders, as well as partial financial data and encrypted account passwords. "We became aware in early September of a cyber security incident where an unauthorized third party accessed some of the company's data," reads the notice sent to customers. "We have confirmed that the data impacted relates to customer record details and online order transactions held on our Pizza Hut Australia customer database." The information that has been exposed to the network intruders includes the following: The restaurant chain, which operates in 260 locations in Australia, says recipients of its notices "may wish to consider" updating their password despite being "one-way encrypted" in the database. Moreover, the notice urges customers to stay vigilant for phishing attacks and suspicious links sent to them via unsolicited communications. Ultimately, Pizza Hut says the incident only impacts a small number of its customers, and the Office of the Australian Information Commissioner (OAIC) has been fully informed about the situation. The exact number of impacted customers was disclosed via a statement from a Pizza Hut spokesperson to The Guardian, stating that the incident affected 193,000 people. Past incidents At the start of September 2023, DataBreaches reported that the notorious data broker 'ShinyHunters' made claims about stealing the data of 1 million customers of Pizza Hut Australia. The threat actor alleged they gained access via an unprotected Amazon Web Services (AWS) endpoint between July and August 2023, accessing a database with 30 million orders. Pizza Hut Australia never responded to these allegations, so it is unclear whether the two incidents are in any way related. Earlier this year, in January 2023, the owner of Pizza Hut, Yum! Brands, was targeted by a ransomware attack that forced the closure of three hundred locations in the United Kingdom. In April 2023, the firm confirmed that the threat actors had stolen employee information from its networks, albeit it found no evidence that customers were affected by the data breach.
Daily Brief Summary
Pizza Hut Australia has issued data breach notifications to 193,000 customers following a cyberattack that allowed hackers unauthorised access to their personal information.
Amongst the data breached were customer records and online transactions data stored on the Pizza Hut Australia customer database, potentially including partial financial information and encrypted account passwords.
Although the company stated that account passwords underwent "one-way encryption", affected customers are advised to update their passwords and stay vigilant for potential phishing attacks and suspicious links sent via unsolicited communications.
The company reported that the incident affected only a small number of customers and the Office of the Australian Information Commissioner (OAIC) has been fully informed about the situation.
In unrelated events, there were earlier claims by notorious data broker 'ShinyHunters' of stealing the data of 1 million customers from Pizza Hut Australia via an unprotected Amazon Web Services (AWS) endpoint between July and August 2023; however, it's unclear whether the recent breach is related to these allegations.
Earlier in 2023, Pizza Hut's parent company, Yum! Brands was targeted by a ransomware attack which led to the theft of employee information from its networks but there was no evidence to suggest customer data was impacted in this incident.