News broke yesterday evening that Pizza Hut customers are reporting fraudulent activity on their cards, after the pizza giant reported a card breach. The company has suggested that only a few accounts were breached, but users are suggesting they were not informed until two weeks afterwards.
Commenting on this, Marco Cova, senior security researcher at Lastline, said:
“While Pizza Hut are suggesting this breach wasn’t particularly serious in terms of the volume of customers affected, there are certainly some best practices that were not implemented around this breach. Waiting two weeks to inform the users affected means that the individuals were unable to block or change their cards, which in turn meant that the fraudulent data stolen facilitated further cybercrime in the form of credit card fraud, which is always the worry with data breaches. Companies should learn from this mistake, and should endeavour to tell the individuals what’s happening as soon as possible, and invest in the appropriate breach-detection services to stop cybercriminals before they access the data in the first place.”