The IT Nerd

This is quickly becoming the year of pwnage. The latest pwnage victim is Pizza Hut who not only got pwned, but did a craptastic job of telling the 60K or so who got affected that they were affected:

Pizza Hut told customers by email on Saturday that some of their personal information may have been compromised. Some of those customers are angry that it took almost two weeks for the fast food chain to notify them.

Hey @pizzahut, thanks for telling me you got hacked 2 weeks after you lost my cc number. And a week after someone started using it.#timely

— Ian Paul Freeley (@IanPaulFreeley) October 14, 2017

According to a customer notice emailed from the pizza chain, those who placed an order on its website or mobile app between the morning of Oct. 1 and midday Oct. 2 might have had their information exposed.

The “temporary security intrusion” lasted for about 28 hours, the notice said, and it’s believed that names, billing ZIP codes, delivery addresses, email addresses and payment card information — meaning account number, expiration date and CVV number — were compromised.

The fact that they took that they didn’t disclose the pwnage right away is problematic to say the least. There should be a law that requires companies to immediately disclose that they’ve been pwned. In this case, the hackers who did this have a one week head start on whatever chaos they want to cause using the credit card info they swiped. Hopefully someone on Capitol Hill takes notice of this and asks the top brass at Pizza Hut not to deliver a pizza, but to deliver some answers instead.

This entry was posted on October 16, 2017 at 7:55 am and is filed under Commentary with tags Pizza Hut. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.