Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pizza Hut Leaks Credit Card Info On 60,000 Customers (kentucky.com)

Posted by EditorDavid on from the outpizza-ing-the-hut dept.

An anonymous reader quotes McClatchy: Pizza Hut told customers by email on Saturday that some of their personal information may have been compromised. Some of those customers are angry that it took almost two weeks for the fast food chain to notify them. According to a customer notice emailed from the pizza chain, those who placed an order on its website or mobile app between the morning of Oct. 1 and midday Oct. 2 might have had their information exposed. The "temporary security intrusion" lasted for about 28 hours, the notice said, and it's believed that names, billing ZIP codes, delivery addresses, email addresses and payment card information -- meaning account number, expiration date and CVV number -- were compromised... A call center operator told McClatchy that about 60,000 people across the U.S. were affected.
"[W]e estimate that less than one percent of the visits to our website over the course of the relevant week were affected," read a customer notice sent only to those affected, offering them a free year of credit monitoring. But that hasn't stopped sarcastic tweets like this from the breach's angry victims.

"Hey @pizzahut, thanks for telling me you got hacked 2 weeks after you lost my cc number. And a week after someone started using it."

6 of 76 comments (clear)

  1. Cash by Anonymous Coward · · Score: 1, Insightful

    And folks, that's why cash is best.

    Credit cards are nothing but evil. Although, if you want to travel, you can't live without them.

    Credit is just an evil. There's very little good about it - for consumers.

    Now, business credit is called "leverage" and that's a whole different issue.

    But for Joe Public, credit cards should just be outlawed. Just destroy them and their business. If it weren't for them, much of our economic dysfunction wouldn't exist. It just distorts everything....

    1. Re:Cash by Anonymous Coward · · Score: 3, Insightful

      Cash doesn't come with zero liability like credit cards often do. If one's card is stolen or number compromised, they're just mailed a new card. Easy, no hassles. Sure, one occasionally hears horror stories, but that's why one should be somewhat selective with the credit card issuers they choose to do business with.

      As for accumulating debt, one can just pay the bill in full every month like many do. In which case, no debt to worry about. So one gets all the benefits of zero liability, plus rewards, extended warranty, plus convenience. Cash is easy to lose, easy to steal, easy to get wrong change, plus the slight chance of getting counterfeit bills too.

      Also, good luck trying to mail order anything with cash. Most places don't accept COD anymore. Sure one could mail a money order or check, but good luck with that. Pre-paid and debit cards are a work-around for mail order, but are no panacea; less ideal than paying with a credit card. For renting a car, the guest with a credit card will be well on their way while the cash customer is still waiting on paying the sizable deposit, which may be based, in part, on one's credit. A catch-22 there for one who doesn't use any credit cards.

      Bottom line, despite all the issues, cashless payments is the reality. Even more so for young people today who often avoid using cash even for the smallest purchases. Anyone working in retail observes this every day.

  2. Why do they keep all that information ... by Alain+Williams · · Score: 5, Insightful

    on some machine that it capable of being cracked ? Once they have sought payment from the credit card company - why do they keep the CVV number ? If, for some reason, they really need to (eg: easy next order), then keep all that sensitive information on some machine with a very narrow API (eg: charge customer 1234 $20 - tell me if this is approved). Many problem could be, at least partly, mitigated if they did not store everything in one big damn SQL database!

    1. Re:Why do they keep all that information ... by Anonymous Coward · · Score: 3, Insightful

      Lets clarify, as someone else tried for you. It is not illegal, or double illegal.

      Legally you can store CC numbers on fliers you put on everyone's door for advertisement. PCI is a set of rules that show you follow industry standard for protecting CC numbers (it isn't actually protecting them, its following a set of rules that may or may not protect them) IF you follow PCI rules and there are fraudulent transactions, you are not responsible. IF you do NOT follow PCI rules and there are fraudulent transactions you are responsible.

      That being said, I don't believe Target, Home Depot, Michaels, or anyone else has been held responsible despite NOT following PCI rules. So despite what is written down, what is enforced doesn't follow. It appears companies are not required to follow PCI and any fraud they help is still card holder's responsibility.

  3. Pizza Hut problems by DogDude · · Score: 0, Insightful

    If you're eating at Pizza Hut, you've got bigger problems in your life than getting your credit card number stolen again.

    --
    I don't respond to AC's.
    1. Re:Pizza Hut problems by Anonymous Coward · · Score: 2, Insightful

      Tell you what then: Post your CC details here, and I'll go eat at Pizza Hut tonight. We can touch base again here week to see how we're both doing.