Data breach reveals distressing info: People who order pineapple on pizza
Pizza Hut Australia says 190,000 customers' info – including order history – has been accessed
Pizza Hut's Australian outpost has suffered a data breach.
The baked goods purveyor has delivered bitter news to around 190,000 customers: that their name, delivery address, email address, and phone numbers have been accessed by unautorised entities.
Even more seriously, pizza order histories have also leaked.
Yes, dear reader – that means the bad guys have seen a database of people who like pineapple on their pizzas.
We can only hope that whoever lifted the data doesn't devise some horrible extortion scheme, threatening to reveal that shameful secret to the victims' loved ones and employers.
Pizza Hut's Australian operation told customers it learned of the incident in early September and described it as "unauthorized third party" access to a subset of its data.
"We secured our systems, engaged forensic and cyber security specialists and initiated an ongoing investigation to help us understand what occurred, and identify the data that was impacted," explained the Hut's Down Under CEO Phil Reed.
This is not the first time the fauxtalian restaurant chain has been burned by cyber crims. Its UK and US presences were melted by ransomware in January 2023, and in 2019 it warned customers after some loyalty scheme accounts were compromised.
In 2017, Pizza Hut USA suffered "a temporary security intrusion" that saw some customers' credit card numbers leak.
- Why Feed.Me.Pizza will never exist: Inside the world of government vetoes and the internet
- Should AI get to choose a topping in a two pizza team?
- Morrisons launches bizarre Yorkshire Pudding pizza thing
- DevOps hype? Sometimes a pizza really is just a pizza
Quality infosec appears not be a "fries with that" (or in this case garlic bread) add-on for fast food chains. A search of The Register's archives also turns up a 2016 attack on KFC's loyalty scheme, a 2023 privacy SNAFU at McDonald's South Korea that saw the burger chain fined $530,000 for storing customer data on an unsecured SMB share, unauthorized employee biometric data collection at White Castle and unnecessary customer location data harvesting at Tim Horton's.
We've also seen Burger King sending spam – which is at least preferable to serving it.
Clearly, plenty of fast food chains are willing to match their crimes against the culinary arts with poor infosec hygiene.
Only Pizza Hut, however, also does offensive things with pineapples. We hope. ®