The Daily Swig Web security digest

Stuffed trust: Pizza Hut falls victim to US hack

James Walker | 17 October 2017 at 11:00

Fast food chain’s half-baked reaction led to fraudulent charges, customers say.

Data breaches among US restaurant chains show no sign of slowing in the second half of 2017, as Pizza Hut becomes the latest to announce a hack that customers say resulted in fraudulent card transactions.

The fast food restaurant chain and Yum! Brands subsidiary notified US customers over the weekend that its website was subject to a “temporary security intrusion” on October 1-2.

“We have learned that the information of some customers who visited our website or mobile application during an approximately 28-hour period… and subsequently placed an order may have been compromised,” the email read.

All users who placed an order online in this time window could be affected. And although Pizza Hut said the breach impacted less than 1% of visitors to its website over the course of the week, one diligent observer noted that this still amounts to 60,000 people.

While the stuffed crust specialist said it “identified the security intrusion quickly and took immediate action” to remedy the issue, it seems the two-week gap between Pizza Hut finding out about the breach and informing its customers was too late for some:


This isn’t the first time Pizza Hut has suffered a data breach. In 2012, a hacker stole the payment card details of 240,000 users.