Pizza Hut have confirmed that hackers hacked into their website and stole financial information of ‘some’ customers earlier this month.
Customers who placed orders on Pizza Hut’s website and app during a 28-hour period between October 1 & 2 had their details stolen by hackers.
From Pizza Hut’s statement, it appears that hackers were able to gain complete access to the fast-food retail chain’s website and app, so much so that they could access financial information of every customer who visited the site or app and placed an order within the 28-hour period.
“Pizza Hut has recently identified a temporary security intrusion that occurred on our website. We have learned that the information of some customers who visited our website or mobile application during an approximately 28-hour period (from the morning of October 1, 2017, through midday on October 2, 2017) and subsequently placed an order may have been compromised,” said Pizza Hut in an e-mail to affected customers.
“Pizza Hut identified the security intrusion quickly and took immediate action to halt it. The security intrusion at issue impacted a small percentage of our customers and we estimate that less than one percent of the visits to our website over the course of the relevant week were affected,” it added.
Pizza Hut added that the data breach affected a very small percentage of customers who placed online orders during the relevant week. However, they are yet to disclose the actual number of customers affected by the breach.
‘With data breaches inflicting such damaging effects on organisations, both financially and reputationally, businesses across all industries need to ensure they are employing foolproof encryption measures as a core part of their wider cyber security strategy,’ says Peter Carlisle, VP for EMEA at Thales eSecurity.
‘The upcoming implementation of the EU GDPR threatens to impose hefty fines on those organisations who fail to protect themselves sufficiently against these breaches, meaning cyber security must be far more than an after-thought and instead be a top priority for contemporary businesses,’ he adds.
The UK’s upcoming Data Protection law, which according to Digital Minister Matt Hancock will ‘give people more control over their data, require more consent for its use, and prepare Britain for Brexit’, will empower the Information Commissioner’s Office to issue fines of up to £17m, or 4% of a company’s global turnover.
Once the new law comes into effect, companies will be required to obtain explicit consent from people before collecting their personal data or storing them for any purpose. Aside from personal information like names, addresses, email addresses, phone numbers and government ID numbers, such data will also include IP addresses, DNA, and cookies.
At the same time, companies will have to respect any customer’s request to have his data amended or deleted from their servers. Consent will not be permanent and citizens will be able to withdraw their consent anytime they wish to do so.