New Zealand pizza lovers suffer information theft from Hell

Breach reveals personal information and topping preferences

Hell Pizza

Some 230,000 New Zealanders have been told that their personally identifiable information may have fallen into the hands of hackers who apparently compromised the network of a locally famous food chain, Hell Pizza.

From a story in The New Zealand Herald:

The personal details of several Kiwi celebrities have been released by hackers as proof they have cracked Hell Pizza's customer database.

Private information including passwords, e-mail and home addresses, phone numbers - plus pizza orders - has fallen into the hands of the anonymous cyber hackers.

Credit card information was not included in the haul, according to the company, although confidence in that assertion may be tempered by the details of how the chain has handled the matter.

(2010's 25 Geekiest 25th Anniversaries)

Patrick Gray of the security Web site Risky.Biz first broke the story and his report suggests that Hell was waiting for a cold day before taking aggressive action:

The information is 'doing the rounds' across New Zealand.  Some who came into contact with the database contacted the company last year, posing as 'concerned customers,' but received no acknowledgement of the data breach. They fear the database may have already found its way into the wrong hands.

According to Gray, the company initially denied knowledge of any data breach to him but contacted the authorities after being provided with samples of what was "doing the rounds." Only last Friday did the chain finally inform its customers.

New Zealand apparently has no law mandating that customers be told when their personally identifiable information has been compromised.

Although a company official suggested that "a rogue employee" may have been responsible for the breach, Gray quoted a security expert as describing "the security arrangements of the online ordering portal ... as 'about 50 steps of fail.' "

Meanwhile, among the "notables" reported by The Herald to have had their info spilled are radio personality Mike Puru, comic Dai Henwood, entrepreneur Seeby Woodhouse and former Green Party MP Nandor Tanczos.

OK, they've probably never heard of Lindsay Lohan, either, but at least New Zealand celebrities know how to conduct themselves when caught up in such an episode: with humor and the proper perspective.  From the story:

Puru said he was shocked to hear his information had been hacked. "It does scare me to think how easy it is to get that information. I can confirm I do like chicken tenders."

Tanczos appears to like lemon pepper wedges and vegan pizzas. "I am not too worried about people knowing my taste in pizza but the other information concerns me. Once someone can get into your e-mail it is easy to rip off a wider network of people."

But Henwood, who enjoys a side of kumara wedges or garlic bread, said he wasn't overly concerned.

"My Twitter has been hacked, my Facebook has been hacked and I'm pretty sure half of New Zealand has my phone number already. I have nothing bad to say about Hell."

Prior to this incident, the chain's Web site was perhaps best known for a rather hellacious brand of irreverence. (You can even drag and drop the little devils scurrying across the bottom of the homepage after finding your closest "Hell Hole" on this store-locator map.)  

There are 64 Hell Pizza outlets in New Zealand, nine in Australia, three in England and one in Ireland.

(Hat tip to the Open Security Foundation's DataLossDB newsletter.)

Welcome regulars and passersby. Here are a few more recent Buzzblog items. And, if you'd like to receive Buzzblog via e-mail newsletter, here's where to sign up.

Playboy's new site is safe for work? ... Not.

Town official doubly insulted by spyware allegation.

Caught on Tape: Hoisted by His Own Petard Edition.

Queen of distracted driving gives new law the middle toe.

California considers digital ads on license plates.

Scientist 'infected by computer virus' catches publicity fever

        8 in 10 browsers leave identifiable "fingerprints," EFF warns.

Doing the Laptop Drive of Shame, Part III

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies