Pizza Hut Australia has become the latest business to suffer a data breach with the fast food chain telling 193,000 customers their personal information – including names, email addresses, delivery locations and order instructions – had been disclosed.
In an email sent to affected consumers earlier this week the company said it had become aware of the “cybersecurity incident” in early September stating it was “a small proportion of customers” and that credit card and password details had not been disclosed.
According to the Databreaches.net website, the ShinyHunters blackhat hacker group claims to have demanded $300,000 to delete over a million records accessed through misconfigured AWS instances.
If true, Pizza Hut Australia would not be the first Australian business to fall victim to ShinyHunters after the group compromised Melbourne founded NitroPDF in 2021. Other notable targets of the group include Microsoft, Mashable and AT&T Wireless.
Pizza Hut Australia joins a growing list of Australian businesses hit by data breaches. Last week, bookseller Dymocks blamed an ‘external data partner’ for a breach that saw 1.2m customers’ data leaked to the dark web while financial services provider Latitude Financial reported it had suffered $76m in losses after March’s breach of up to 14 million customers’ records, including passport and divers license details.
Earlier this year, Medibank was forced to set aside $250m in contingency funds by the Australian Prudential and Regulation Authority following their 2022 cyber security incident which exposed 9.7 million consumers’ details while the fallout from last year’s Optus breach that saw two million people’s personal information disclosed continues.
More concerningly, uncertainty remains over exactly what government data was accessed in the HWL Ebsworth breach with affected at least forty department agencies including the National Disability Insurance Scheme, the federal Fair Work Ombudsman, certain Defence projects and, ironically, the Office of the Australian Information Commissioner.
The breach at Pizza Hut Australia does not affect the global Pizza Hut brands with the local master franchise being owned by US based Flynn Restaurant Group after local private equity firm Allegro Funds sold the operation to the California headquartered company earlier this year.