Pizza Hut is facing a lot of angry customers this week after it waited two weeks to inform them of a security breach. Anyone placing an order in the US using the company's website or mobile app on Oct. 1-2 may have had their credit card details stolen.

As reported by the Lexington Herald Leader, Pizza Hut sent out an email to customers yesterday, Oct. 14, informing them of the breach. The company classed it as a "temporary security intrusion," which made transactions carried out between the morning of Oct. 1 and midday Oct. 2 vulnerable.

yup. so they knew this happened immediately but didn't notify customers until today. my bank acct was emptied a few days ago, had no idea pic.twitter.com/xC4vhPJg3M — á´"á´?á´œÊ€á´›É´á´‡Ê?. (@runawaywithit) October 14, 2017

The information stolen includes names, delivery addresses, email addresses, and payment card information including the number, expiration date, and the CVV number. Some customers are now reporting their cards have been used fraudulently; presumably if Pizza Hut had informed customers of the breach immediately, action could have been taken to cancel cards and avoid the fraud.

As to the impact of the security breach, Pizza Hut believes "less than 1 percent of the visits" were affected. Apparently that turns out to be about 60,000 individuals across the US. Pizza Hut is offering anyone affected by this one year of free credit monitoring through Kroll Information Assurance.

Pizza Hut has not yet revealed why it happened. Suggestions that the full extent of the breach took time to uncover or that law enforcement delayed the announcement need clarifying.

Further Reading

Security Reviews