Pizza Hut emailed select customers Saturday to inform them that personal information may have been compromised in an early October hack.
According to the email, shared on social media by some recipients, affected customers placed orders on the company's mobile app or website between the morning of October 1 and midday on October 2. Though it wasn't explicitly stated in the email, a customer service representative confirmed to Thrillist that credit card details were likely a part of the hack, along with other personal information.
"The security intrusion at issue impacted a small percentage of our customers, and we estimate that less than one percent of the visits to our website over the course of the relevant week were affected," the email to customers read. "That said, we regret to say that we believe your information is among that impacted group."
Some reports are placing the total number of impacted customers at 60,000.
The gap between the incident and the alert was about two weeks, far less than the recent Equifax security breach. A Pizza Hut representative told McClatchy the company moved as quickly as possible to inform customers. Most states don't have a required time frame within which a company must inform customers of a potential hack. The Washington Post reports the eight states that do have the requirement -- Connecticut, Florida, Maine, New Mexico, Ohio, Rhode Island, Tennessee and Vermont -- dictate customers must be informed somewhere between 30 to 90 days after the incident.
Nonetheless, some frustrated customers have taken to social media to share that their bank accounts were hacked in the time between the incident and being informed of the situation by Pizza Hut.