Hell Pizza investigating database breach claim

Hell Pizza has alerted its customers about a possible database breach, but is still trying to find evidence it has happened.

* This story has been updated. Click here to read the latest.

The notice comes after the fast-food restaurant received a number of emails saying its old website had been hacked, and customer details had been stolen.

Hell's director Warren Powell told NZPA he is unaware of any breach in security, and IT staff have so far found nothing proving information has been stolen.

"It's like someone ringing me up and saying your car has been stolen, and then you look at the garage and its still there.

"So we are not really sure what the person's motivation is. We are really not sure about what this person is trying to say because we can't find anything."

Mr Powell said the information had come from Patrick Gray, the writer and publisher of Australian-based website Risky.Biz. On the site, Mr Gray wrote he understands "multiple intruders have compromised Hell Pizza's 400mb database," and the information is "doing the rounds" across New Zealand.

Thought it does not include credit card information, he wrote, the database has the full names, addresses, phone numbers, email addresses, passwords and order history for the company's 230,000-plus customer entries.

Mr Gray said he was contacted by someone who wished to bring the breach to the public's attention.

"I'm just a journalist reporting on the story. What other motivation could I have."

Hell received the details of four customers from 2005 and 2006, including phone numbers, email addresses, and order information from Mr Gray.

Hell IT staff then went back through the database to find any breach and will keep scrolling through the data, Mr Powell said.

"If there is breach of security it will appear, data would have been removed and therefore it would appear as a download.

"We'll be able to find out the day and the computer it was downloaded to and we'll be able to prosecute this person if they exist."

Mr Powell said the database has been changed since the restaurant was bought back from Tasman Pacific Foods in 2009, and it's now "impossible" to be hacked in the way that has been claimed.

"I wouldn't be surprised if it was a previous employee that was employed by the company that used to own Hell before we took it back, because we can't find any intrusions into our databases."

Hell has notified police, and as a security measure advised customers to change their passwords on other sites, if they were the same as the old Hell website.

- NZPA