Cyber Incident Victim: Apache Pizza

Apache Pizza, a take-out pizza delivery chain in Ireland, confirmed a cybersecurity breach around June 2021 that exposed customer delivery information. The company notified affected customers, clarifying that the incident did not involve financial data such as bank or credit card details, which Apache stated it does not store. The breach specifically compromised delivery-related customer information shared with the company during order transactions. While the exact date of the intrusion remains unspecified, public acknowledgment occurred on June 6, 2021, when Apache issued its notification and media coverage emerged. The incident followed similar breaches involving Domino’s Pizza in India and New York Pizza in the Netherlands, though no direct connection between these events was asserted. Apache did not disclose the number of affected customers, the method of attacker access, or whether data was exfiltrated or merely accessed.

The company’s response focused on transparency regarding the breach scope, explicitly assuring customers about the safety of payment information due to its non-retention practices. No details were provided about containment measures, forensic investigations, or collaboration with law enforcement or data protection authorities. The breach’s primary impact centered on potential exposure of delivery addresses, contact details, and order histories, creating privacy risks for customers. Apache did not specify whether attackers exploited a technical vulnerability, social engineering, or third-party supplier weaknesses. The incident highlighted operational risks associated with storing customer delivery data, even absent financial information. Public reporting indicated no immediate evidence of misuse of the breached data at the time of disclosure.