Pizza Hut Got Hacked And Waited Two Weeks To Let Customers Know

On October 1st, Pizza Hut got hacked, compromising the names, personal info, and payment settings of at least 60,000 people. Those that placed orders on the Hut’s website or mobile app between that morning and midday October 2nd had their data exposed to hackers. Roughly less than one percent of that information was taken.

Pizza Hut didn’t let their customers know about the breach until nearly two weeks after the initial security breach occurred, which has pissed off those affected.

Photo: Ed! at English Wikipedia

Instead of going public to reveal that they had been hacked, Pizza Hut instead reached out via e-mail to customers they believed may have been financially compromised by the breach. The notice of the “temporary security intrusion” said that it “impacted a small percentage of our customers” but that “we regret to say that we believe your information is among that [affected] group.”

Naturally, customers weren’t happy to learn about the breach weeks after it occurred, which was enough time for the hackers to have utilized several of their monetary resources.

Hey @pizzahut, thanks for telling me you got hacked 2 weeks after you lost my cc number. And a week after someone started using it.#timely

— Peter Yoachim (@PeterYoachim) October 14, 2017

so @pizzahut sent an email today about a breach that occurred 2 weeks ago. their delay resulted in my bank acct being drained thx to fraud.

— ᴄᴏᴜʀᴛɴᴇʏ. (@runawaywithit) October 14, 2017

#infosechttps://t.co/Zx8FMzra65
Equifax – wait a while to tell customers they’ve been hacked
Pizzahut – Hold my beer

— Charles R. Smith🔹 (@softwarnet) October 17, 2017

For those wondering why Pizza Hut would take such a long time to respond, it largely has to do with the company determining just how big the breach really was. Companies need time to determine the size of the intrusion, what information is affected, and how serious the data loss is. Additionally, if a hack is reported right away, it could give others time to potentially break into Pizza Hut’s servers and score some info for themselves.

Pizza Hut is utilizing a variety of solutions to alleviate the data loss. They’re working with outside cybersecurity firms to prevent repeats of this hack, and also offering free credit monitoring for a year to all of those affected, the Miami Herald reports.

Still, if Twitter is any indication, many of Pizza Hut’s customers would have appreciated receiving notices a little earlier than they did.