Pizza Hut Australia Dishes Up A Data Breach As Hackers Slice In [Updated]

If you're a pizza fan, it might be time to keep an eye on your credit card statements. Pizza Hut Australia last night appears to have fallen victim to hackers going by the names of Oday and Pyknic (Update: Pizza Hut CEO confirms breach, read on for full statement). The hackers defaced the website last night, but what's more concerning is the claim that they made off with 260,000 Australian credit card numbers. That's some serious dough.

Whirlpool Forum users were the first to notice the hack, before Reddit Australia started to take notice. The website was restored at the time of publication, but around 15 hours ago the website looked like this:

Atrocious web design aside (seriously, take more pride in your work), the message that scrolls across the screen claims to have nabbed vital credit card numbers and customer account details:

Dear Pizza Hut,
It has come to our attention that we have absolutely ripped apart your internal security systems. Do you want to know what we took? ~240,000 Australian credit cards, 60,000 Australian members, your dignity.
Woopsies (sic) :C

Interestingly, the defaced site included a bright, shiny link to rival company Domino's Pizza. That's sure to cheese-off the supreme overlords at Pizza Hut.

This might put your mind at ease about the state of your dough, though: the restaurant told us this morning that it's impossible for the hackers to have obtained customers' credit card information, simply because it doesn't hold it internally. As per PCI DSS rules, credit card numbers are handed off to a secure, authorised third party to process and store transactions so that when these incidents go down, hackers don't walk off with the whole pie.

The claim that the hackers took account details, though, remains out in the open. Best to change your passwords just in case.

Update: Pizza Hut general manager Graeme Houston has confirmed the breach. Here's his statement in full:

"Pizza Hut can confirm that a layer of its website was breached with access gained to names and contact information, including email addresses.
We are working with our website providers to conduct a thorough investigation of the matter and have also reported the incident to the Office of the Australian Information Commissioner. We would like to reassure all of our customers that absolutely no credit card information was stolen and there is no need for concern regarding credit cards.
The security of our online ordering system has not been compromised in any way and our customers can continue to order online in the knowledge the ordering system is secure."



    Oh Luke, so many cheesy puns..

      Agreed. Very inconsiderate using up all of the pizza puns in the one article. Left nothing for us to use.

    If you're a Pizza Fan, you've got nothing to worry about as you wouldn't be ordering anything from Pizza Hut.

      Out of the large commercial chains, Pizza Hut do the better pizzas. Well least that's the go locally here.

        Depends entirely on your local franchise. Pizza Hut are rubbish here.

        Personally I'll just order Crust if I want chain pizza, much better and while they might be $20, they have free delivery. It always amazes me that half a good pizza is just as filling as an entire Dominos/Pizza Hut pizza.

          As a previous Pizza Hut, Domino's and Pizza Capers employee I only eat Domino's and Pizza Capers... not going into detail.

          Worst part is the whole credit card being processed by a third party thing is a lie, when you order something online with a Credit card it actually just prints it out on your receipt (not customer receipt but the internal order receipt) which being a delivery usually the driver would process this payment using the eftpos machine out the front. We would be told to then Throw the receipt into the bin.

          This I feel is a big issue and not very safe, it gets printed next to the pizza bench which would have an employee cutting and boxing pizzas which might move it or hand it to a driver which would then take it out the front and process it (or hand it to the person working out the front to do if not busy) to then throw it in the bin. (which any employee can easily pick up or any random person could find it in the trash in the big bin out the back)

          So in the end you've got all these people you don't know handling your Credit Card information.

          Pretty slack...

            Yeah - I've worked two Pizza Huts and a Domino's. You wouldn't believe some of the stories at Pizza Hut. They have a terrible company culture, and consequently, food hygiene is basically non-existent at the store level.

              I worked at a Pizza Hut a long time ago (i.e. about 20 years ago). And yeah, I saw some of that stuff first hand. One incident in particular, which I won't go into detail about here, I'll never forget. Nor will I order their pizzas again.

          Exactly, I would prefer Pizza Capers any day over the others, I am yet to try Crust, but everyone swears by them.

    As long as they leave Crust Pizza alone it's all good ;)

    I make my own pizza... that way I don't feel as fat!

    WHAT!? Pizza Hut are still operating after so many years?

    It's actually pretty funny, Probably cheesed them off a bit though.

    PCI DSS doesn't specify that you _need_ to have everything handled by a third party

    Damn...couldn't they just order free pizzas ...forever? Free...pizzas...forever...
