Pizza Hut Australia warns 193,000 customers of a data breach



The information that has been exposed to the network intruders includes the following:

• Full name
• Delivery address
• Delivery instructions
• Email address
• Phone number
• Masked credit card data
• Encrypted passwords for online accounts

The restaurant chain, which operates in 260 locations in Australia, says recipients of its notices "may wish to consider" updating their password despite being "one-way encrypted" in the database.

Moreover, the notice urges customers to stay vigilant for phishing attacks and suspicious links sent to them via unsolicited communications.

Ultimately, Pizza Hut says the incident only impacts a small number of its customers, and the Office of the Australian Information Commissioner (OAIC) has been fully informed about the situation.

The exact number of impacted customers was disclosed via a statement from a Pizza Hut spokesperson to The Guardian, stating that the incident affected 193,000 people.

Past incidents

At the start of September 2023, DataBreaches reported that the notorious data broker 'ShinyHunters' made claims about stealing the data of 1 million customers of Pizza Hut Australia.

The threat actor alleged they gained access via an unprotected Amazon Web Services (AWS) endpoint between July and August 2023, accessing a database with 30 million orders.

Pizza Hut Australia never responded to these allegations, so it is unclear whether the two incidents are in any way related.

Earlier this year, in January 2023, the owner of Pizza Hut, Yum! Brands, was targeted by a ransomware attack that forced the closure of three hundred locations in the United Kingdom.

In April 2023, the firm confirmed that the threat actors had stolen employee information from its networks, albeit it found no evidence that customers were affected by the data breach.

Source: bleepingcomputer.com