Pizza Hut customers took to Twitter to express their anger after learning the company failed to notify affected customers for nearly two weeks after discovering a data breach that exposed customers’ credit card details.
It seems like every day there’s another big-name company caught leaving the front door open and the windows unlocked for hackers to wreak havoc and cause stress to its customers. First up this week? Pizza Hut.
“Hey @pizzahut, thanks for telling me you got hacked 2 weeks after you lost my cc number. And a week after someone started using it. #timely,” one unsatisfied customer tweeted this morning.
The pizza giant released a statement claiming that a very small percentage of its customers who visited the US website or mobile app during a 28-hour period (from the morning of Oct 1, 2017, to midday Oct 2), and subsequently placed an order, may have had their credit card details compromised.
The compromised data includes the usual: full names, billing zip codes, addresses, email addresses, and payment card details, including card numbers, expiration dates, and security codes.
Despite the public outcry over the delay in notifying impacted customers, Pizza Hut firmly stands behind its actions, claiming to have identified the security mishap quickly and taken immediate action to stop the incident from going any further.
It’s good news for Pizza Hut that the General Data Protection Regulation (GDPR) is not yet in effect, because come May 25, 2018, incidents like these could cost companies fines of up to €20m, or 4% of global turnover. That’s a tough price to pay for delayed breach notification, but given the emphasis on ‘any data breach that may cause ‘serious harm’ to individuals affected by the breach,’ the Pizza Hut breach would fall directly into this category.
When a customer’s financial data is compromised, they become vulnerable to identity theft, which is likely to cause emotional distress and extreme amounts of financial damage to an individual. It’s in a company’s best interest to begin notifying impacted customers immediately in an effort to maintain a level of trust with customers, minimize the damage for those impacted customers, and minimize the amount of bad press associated with suffering from a data breach.
Read this article on ComputerWeekly