Restaurant chain Pizza Hut was breached and waited two weeks before announcing its customers via email that it suffered a “temporary security intrusion.” Even before the announcement, users had reported on Twitter numerous fraudulent transactions from their accounts, suspecting a breach.
A hacker is reported to have stolen names, billing ZIP codes, delivery addresses, email addresses and payment card information, like account number, expiration date and CVV numbers of Pizza Hut customers, while the company assures that less than 1 percent of customers were actually affected.
“Pizza Hut has recently identified a temporary security intrusion that occurred on our website,” reads the email.
“We have learned that the information of some customers who visited our website or mobile application during an approximately 28-hour period (from the morning of October 1, 2017, through midday on October 2, 2017) and subsequently placed an order may have been compromised.”
“Pizza Hut identified the security intrusion quickly and took immediate action to halt it. The security intrusion at issue impacted a small percentage of our customers and we estimate that less than one percent of the visits to our website over the course of the relevant week were affected.”
All customers who made orders through the website of mobile app between October 1 and 2 are advised to monitor their accounts and reach out to their banks, as they may have fallen victim to the breach.
This was not the first time Pizza Hut fell victim to a cyberattack, as the first data breach took place in 20112, when the card details for 240,000 customers were leaked.