Monday (Oct. 16) news reports from QSR magazine shared that yet another well-known brand has recently been hit with a cyberattack. Quick service restaurant (QSR) pizza chain Pizza Hut has announced its own cybersecurity incident, a breach that lasted approximately 28 hours beginning on Oct. 1.
QSR magazine described Pizza Hut’s cyberattack as a “temporary security intrusion.” The breach allegedly put any customer of the Yum! Brands QSR who visited the Pizza Hut website or mobile app during the period at risk, especially those who placed orders during the impact window.
“While Pizza Hut is suggesting this breach wasn’t particularly serious in terms of the volume of customers affected, there are certainly some best practices that were not implemented around this breach,” said Marco Cova, senior security researcher at malware protection firm Lastline, in a statement.
Though the QSR chain announced the security intrusion only impacted 1 percent of visits, that low percentage still means the personal information of approximately 60,000 customers throughout the U.S. — including addresses, billing information, email addresses, names and payment card information — may have been negatively affected by the cybersecurity incident, QSR magazine reported. To make things right, Pizza Hut is offering impacted customers free credit monitoring through Kroll Information Assurance for one year.
While Pizza Hut has shown an interest in helping impacted customers protect themselves, the retail firm did take two weeks to publicly report the cybertheft.
“Waiting two weeks to inform the users affected means that the individuals were unable to block or change their cards, which, in turn, meant that the fraudulent data stolen facilitated further cybercrime in the form of credit card fraud, which is always the worry with data breaches,” Cova said. “Companies should learn from this mistake and should endeavor to tell the individuals what’s happening as soon as possible and invest in the appropriate breach detection services to stop cybercriminals before they access the data in the first place.”
Pizza Hut’s Director of Communications, Doug Terfehr, made a similar statement regarding the company’s response time, according to QSR magazine.
“We value the trust our customers place in us and while we were able to address this incident quickly, we regret that this happened and apologize for any inconvenience this may have caused,” Terfehr said.
Pizza Hut is not the first QSR chain to report a breach. Sonic Drive-In, Chipotle and Wendy’s have all announced similar incidents in recent years.