Welcome to the SecAware blog

I spy with my beady eye ...

10 Oct 2006

Do you want garlic bread with that?

A story about inadequate security practices by Pizza Hut has graduated to a public relations nightmare thanks to the local news media in New Zealand. The incident which sparked it involved a customer noticing that the delivery boy's delivery note included her name, address, phone number, full credit card number, credit card expiry date and cardholder's name - apart from the lack of CVV2 data, that's game, set and match for identity thieves, potentially including Pizza Hut staff, delivery boys/girls, their relatives/friends and indeed anyone who finds a carelessly discarded delivery note. A consumer advice site that broke the story was given the run-around by Pizza Hut and fobbed off with an unhelpful response from their PR agency. Pizza Hut NZ is evidently planning to change its systems not to print the full credit card number ... by March next year ... so, meanwhile, Pizza Hut NZ customers are well advised to pay in cash or find a pizza supplier that actually gives a hoot about their customers' security.
More resources on security incidents

No comments:

Post a Comment