Pizza Hut Australia suffered a data breach that saw sensitive information about tens of thousands of its customers stolen, according to a breach notification the company sent to affected customers.
According to the reports, in early September 2023, Pizza Hut Australia learned that unknown threat actors were breaching its systems and gaining access to its endpoints.
During the breach, the attackers stole sensitive data from 193,000 restaurant customers, including full names, delivery addresses and instructions, email addresses, phone numbers, masked credit card information, and encrypted account passwords.
No indication of ransomware
Affected customers “may consider” updating their passwords, the notice said. However, there are more ways hackers can use this information, including identity theft and phishing. Users should also be wary of emails claiming to be from Pizza Hut Australia.
The company notified the Office of the Australian Information Commissioner (OAIC) of the incident. Although not explicitly stated, it is likely that the relevant law enforcement organizations have also been notified. It claims that these 193,000 people represent only a “small number” of its customers.
The company also did not elaborate on the nature of the attack. Since there is no record of any cessation or disruption of operations, it is safe to assume that this was not a ransomware attack.
In newer times, ransomware attackers started to refrain from deploying the encryptor and instead focused only on data exfiltration. Apparently developing, maintaining and deploying an encryptor is too expensive and cumbersome, while the same results (financially) can be achieved by just stealing data.
There was also no word on possible negotiations with the hackers. It’s also safe to assume that the data will leak to the dark web sooner or later.
Through BleepingComputer