Pizza Hut told about 60,000 customers over the weekend that they should start canceling their credit cards. Or, ideally, that they should have already canceled them. Hackers compromised the payment info for anyone who ordered either online or via the app between the morning of October 1 and midday on October 2, the chain said in an email sent out Saturday. The “temporary security intrusion,” as the notice called it, lasted for about 28 hours, but the email said that only “a small percentage” of customers were affected. Rather than post a statement on its website, though, the chain opted to contact customers it believes were impacted individually — and worse, from their prospective, to wait until two weeks after the breach had occurred.
Several people have gone after Pizza Hut on social media, complaining that an earlier heads-up might have helped to, you know, prevent the fraud they ultimately experienced:
A Pizza Hut rep said in a statement that they “take the privacy and security of our customers very seriously,” and didn’t wait to notify customers on purpose. (In fairness, it can take time for companies to work with authorities and assess the scope of a hack.) To make up for it all the same, the chain is offering affected customers a year of free credit monitoring. It also advises them to be on the lookout for “scams asking for personal information because of the hack.” For example, the statement clarifies that Pizza Hut does not require your Social Security number to take a pizza order. The more you know!