Numerous news outlets are reporting that Pizza Hut Australia, which operates approximately 260 outlets, was the victim of a data breach in early September. In an email sent to customers, Pizza Hut Australia said it noticed the breach in September and was working with forensic and cybersecurity specialists to help determine how attackers were able to hack its systems and identify what data was stolen.
So far, the company has confirmed that impacted information includes customer names, contact details, encrypted card numbers and passwords. The company indicated that the data breach did not affect its daily operations and advised customers to remain vigilant for phishing attacks and online scams.
But Maybe It’s Much Worse
Pizza Hut Australia has not yet provided any information on the identity of the threat actor, the exposed data’s timespan, or whether ransom demands were made. However, ShinyHunters claims to have infiltrated Pizza Hut Australia’s systems one to two months ago via Amazon Web Services. They claim their presence went completely undetected during this period of unauthorized access.
So, the question becomes: was Pizza Hut Australia breached twice in the same time frame, and did it notice only one of the breaches? Or is someone not being entirely accurate with the truth? It's important to note that ShinyHunters says they exfiltrated 30 million records, which affect about 1 million customers. That's far more than the 193,000 customers that Pizza Hut Australia claims are affected. And ShinyHunters has issued a ransom demand of $300k in exchange for deleting the compromised data. News outlets report that Pizza Hut has not responded to their ransom demand.