Pizza Hut Australia hack: data breach exposes customer information and order details

Pizza Hut’s Australian operations have been hit by a cyber-attack, the company says, with customer data including delivery addresses and order details stolen in the hack.

In an email to customers on Wednesday, Pizza Hut Australia’s chief executive, Phil Reed, said the company became aware in early September that there had been “unauthorised third party” access to some of the company’s data.

“We secured our systems, engaged forensic and cybersecurity specialists and initiated an ongoing investigation to help us understand what occurred, and identify the data that was impacted,” he said.

Reed said the data obtained includes customer details and online order details from Pizza Hut’s customer database, including names, delivery address and instructions, email addresses and contact numbers.

For registered accounts, it would also include encrypted credit card numbers and encrypted passwords.

He said operations had not been affected by the hack, and that the breach had been reported to the Office of the Australian Information Commissioner.

In a statement, a spokesperson for Pizza Hut Australia said the company believes about 193,000 customers have been affected by the breach.

“We have contacted these customers to advise them of the incident and the steps they can take to protect their information and avoid potential scams,” a spokesperson said.

skip past newsletter promotion

The company did not answer questions on how far back the data obtained dates to.

A data breaches website reported earlier this month that it had obtained a sample of the customer data from the alleged hackers, which aligns with the types of data Pizza Hut said was stolen, including encrypted credit card information and hashed passwords.

Pizza Hut has 260 stores around Australia. In June, the Australian private equity firm Allegro Funds sold Pizza Hut Australia to the US-based Flynn Restaurant Group after a restructure of the business.