Pizza Hut got hacked but waited two weeks to tell its customers
First, it was Sonic, now restaurant chain Pizza Hut has reported that it got hacked, too.
The company emailed a select group of customers on Saturday to inform them that their personal information may have compromised in an early October hack.
According to the email, shared on social media by some of the victims, Pizza Hut classified it as a “temporary security intrusion,” that was carried out between the morning of Oct. 1 and midday Oct. 2, which affected information of some customers who visited its website or mobile app during the 28-hour period.
“The security intrusion at issue impacted a small percentage of our customers and we estimate that less than one percent of the visits to our website over the course of the relevant week were affected. That said, we regret to say that we believe your information is among that impacted group,” the company wrote in the email.
Yet, many customers unleashed their frustration on the company on Twitter, for not notifying them sooner but instead waiting two weeks, giving hackers time to use their information.
Peter Yoachim tweeted, “Hey Pizza Hut, thanks for telling me you got hacked two weeks after you lost my CC number. And a week after someone started using it. #timely.”
Hey @pizzahut, thanks for telling me you got hacked 2 weeks after you lost my cc number. And a week after someone started using it.#timely
— Peter Yoachim (@PeterYoachim) October 14, 2017
Another customer tweeted that her bank account has been drained as a result of the hack.
so @pizzahut sent an email today about a breach that occurred 2 weeks ago. their delay resulted in my bank acct being drained thx to fraud.
— ᴄᴏᴜʀᴛɴᴇʏ. (@runawaywithit) October 14, 2017
The information stolen included names, delivery addresses, email addresses and payment card information, including the number, expiration and the CVV number. Pizza Hut said it believes “less than one percent of the visits” were affected, which turns out to be approximately 60,000 individuals.
A spokesperson for Pizza Hut told FOX Business that it “notified customers in less than two weeks, while the standard has been 30+ days with some extending as long as eight months before customers were notified."
“With less than one percent of our weekly traffic affected, we are pleased to have detected it so quickly allowing us to be far under the millions of customers exposed by recent unfortunate intrusions at other companies,” the spokesperson said.
The company told victims that it will offer anyone affected by this one year of free credit monitoring through Kroll Information Assurance.
Pizza Hut now joins Sonic, the nation's largest drive-in restaurant chain, which disclosed a credit and debit card breach last month, affecting an unknown number of store payment systems. The fast-food chain has nearly 3,600 locations across 45 U.S states.