Fast food giant Pizza Hut Australia has claimed it has been hit by a cyber security incident, where “an unauthorised third party accessed some of the company’s data”.
Chief executive officer Phil Reed said in an email to customers today the company became aware of the incident “in early September”, with the data impacted including customer record details and online order transactions held on the Australian customer database.
“This includes information such as a customer’s name, delivery address and instructions, email address, and contact number,” Reed said.
“If you have a Pizza Hut Australia user account, it also includes unusable masked credit card details and secured one-way encrypted passwords.
“The credit card details we hold cannot be used to make fraudulent payments and all credit card payments are processed securely by an approved payment platform.
“Our day-to-day operations are not impacted and we are continuing to securely process orders online or over the phone for our customers.”
The fast food company said it took “immediate action to protect our customers” when it became aware of the incident, which it said impacted “a small proportion of customers”.
“We secured our systems, engaged forensic and cyber security specialists and initiated an ongoing investigation to help us understand what occurred, and identify the data that was impacted,” the email said.
The company has formally notified the Office of the Australian Information Commissioner of the data breach and contacted other current customers in their database “as a precaution” to inform them of the incident and provide information to protect their personal details.
“It is important to note that there is no evidence that your personal information has been misused, and the data we hold cannot by itself by used to commit identity theft or fraud,” the email said.
Customers are being asked to remain alert to any suspicious texts, emails or phone calls that are “disguised to look like they come from someone you know or trust”.
“Verify communications by confirming the identity of the sender,” the email said.
“This includes checking email names and domains, by hovering your mouse over the sender’s email address.
“Do not open links that look suspicious.
“If you are unsure about a link sent to you by a company, you should go to the company’s website and look for the product or service that was offered.”
The company also told customers to be alert to phishing scams and consider updating their passwords to their Pizza Hut accounts.