
Pizza Hut Australia Suffers Data Breach, But How Bad Is It?

The pizzeria claims approximately 193k customers were affected by a breach it noticed in early September. However, ShinyHunters claims it infiltrated the company’s systems undetected for more than a month and has stolen information on approximately 1M customers.

Numerous news outlets are reporting that Pizza Hut Australia, which operates approximately 260 outlets, was the victim of a data breach in early September. In an email sent to customers, Pizza Hut Australia said it noticed the breach in September and was working with forensic and cybersecurity specialists to determine how attackers were able to hack its systems and to identify what data was stolen.

So far, the company has confirmed that impacted information includes customer names, contact details, encrypted card numbers and passwords. The company indicated that the data breach did not affect its daily operations and advised customers to remain vigilant for phishing attacks and online scams.

But Maybe It’s Much Worse

Pizza Hut Australia has not yet provided any information on the identity of the threat actor, the exposed data’s timespan, or whether ransom demands were made. However, ShinyHunters claims to have infiltrated Pizza Hut Australia’s systems one to two months ago via Amazon Web Services. They claim their presence went completely undetected during this period of unauthorized access.

So, the question becomes: was Pizza Hut Australia breached twice in the same time frame, noticing only one of the breaches? Or is someone not being entirely truthful? It’s important to note that ShinyHunters says it exfiltrated 30 million records that affect about 1 million customers. That’s far more than the 193,000 customers that Pizza Hut Australia claims are affected. ShinyHunters has also issued a ransom demand of $300k in exchange for deleting the compromised data. News outlets report that Pizza Hut has not responded to the ransom demand.
