An ex-employee of Walt Disney World who still had access to the company's passwords after termination compromised a third-party menu-creation system used by Disney's restaurants. The attack altered menu fonts and listings, resulting in unusable menus and potential allergen misinformation, and led to locked employee accounts and misuse of personal employee information.
Source: https://www.wired.com/story/disney-world-menu-hack-wingdings/
TPRM report: https://scoringcyber.rankiteo.com/company/walt-disney-world
"id": "wal000110424",
"linkid": "walt-disney-world",
"type": "Breach",
"date": "11/2024",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'Entertainment',
                        'location': 'Florida, USA',
                        'name': 'Walt Disney World',
                        'type': 'Company'}],
 'attack_vector': 'Compromised Credentials',
 'data_breach': {'type_of_data_compromised': ['Menu data',
                                              'Employee personal information']},
 'description': 'An ex-employee of Walt Disney World, possessing access to the '
                "company's passwords post-termination, compromised a "
                "third-party menu-creation system used by Disney's "
                'restaurants. The attack involved altering menu fonts and '
                'listings, resulting in unusable menus and potential allergen '
                'misinformation, leading to locked employee accounts and '
                'misuse of personal employee information.',
 'impact': {'data_compromised': ['Menu fonts and listings',
                                 'Employee personal information'],
            'operational_impact': 'Unusable menus and potential allergen '
                                  'misinformation',
            'systems_affected': ['Third-party menu-creation system',
                                 'Employee accounts']},
 'motivation': 'Unknown',
 'post_incident_analysis': {'root_causes': 'Post-termination access to company '
                                           'passwords'},
 'threat_actor': 'Ex-Employee',
 'title': 'Unauthorized Access and Data Misuse by Ex-Employee',
 'type': 'Unauthorized Access',
 'vulnerability_exploited': 'Post-termination access to company passwords'}