Pizza Hut issues statement over cyber incident

193,000 customers were impacted by the incident.

Pizza Hut Australia announced that in early September it became aware of a cyber incident where an unauthorised third party accessed the company’s data.

Below is a statement from a Pizza Hut spokesperson:

Pizza Hut Australia became aware in early September of a cyber incident where an unauthorised third party accessed some of the company’s data. The data is limited to the Australian market and does not impact Pizza Hut’s operations in any other country.  

We took immediate action to protect our customers and our systems by engaging cyber security specialists to help us understand what occurred, assess the impact, and take steps to secure the data.

At this stage, we have confirmed that the data impacted relates to customer record details held on our customer database which includes information such as a customer’s name, delivery address and instructions, email address and contact number.

Please understand that no usable customer credit card data has been compromised as Pizza Hut Australia never collects unmasked credit card data. There is also no evidence to suggest the misuse of any individual’s personal information. It is also worth noting that Pizza Hut Australia does not collect any government identity documents or sensitive information and secures all account user passwords with strong one-way encryption.

From our investigation and the steps taken in response to the incident, we believe there is only a small proportion of customers on our database (193,000) whose personal information has been impacted.

We have contacted these customers to advise them of the incident and the steps they can take to protect their information and avoid potential scams.

Out of an abundance of caution, we have contacted the other current customers in our database to inform them of the incident and provide steps they can take to protect their personal information.

We are taking this matter very seriously and we have reported the incident to the Australian Cyber Security Centre (ACSC) and notified the Office of the Australian Information Commissioner (OAIC).

Our day-to-day operations are not impacted, and we are continuing to securely process orders both online and over the phone on behalf of our customers.

Our investigation will continue, and we will update our customers if any additional relevant information becomes available.

We thank our customers for their understanding and ongoing support, and we apologise for any concern that this incident may have caused.