Pizza Hut Australia has suffered a data breach in which sensitive information on tens of thousands of its customers was stolen, according to a breach notification sent by the company to affected customers.
According to reports, Pizza Hut Australia learned in early September 2023 that unknown threat actors had breached its systems and accessed its endpoints.
During the intrusion, the attackers stole sensitive data belonging to 193,000 restaurant customers, including full names, delivery addresses and instructions, email addresses, phone numbers, masked credit card data, and encrypted account passwords.
No indication of ransomware
Affected customers “may wish to consider” updating their passwords, the notification reads. However, there are more ways in which hackers can use this information, including identity theft and phishing. Users should also be wary of any emails claiming to come from Pizza Hut Australia.
The company informed the Office of the Australian Information Commissioner (OAIC) of the incident. Although not explicitly stated, it’s likely that relevant law enforcement organizations were notified, too. The company claims that these 193,000 people only represent a “small number” of its customers.
The company also did not discuss the nature of the attack. Given that there are no records of its operations being halted or disrupted in any way, it’s safe to assume that this wasn’t a ransomware attack.
More recently, ransomware attackers have started to refrain from deploying the encryptor and instead focus only on data exfiltration. Apparently, developing, maintaining, and deploying an encryptor is too expensive and cumbersome, while the same financial results can be achieved by just stealing data.
There was also no word of any potential negotiations with the hackers. It’s also safe to assume that the data will leak to the dark web sooner or later.