‘Thousands’ of Hungry Jack’s staff personal data exposed in internal leak

The chief executive of Hungry Jack’s has confirmed that an internal data leak accidentally exposed the names, birthdates and store locations of of staff, including minors, across the country.

In the early hours of Monday, hundreds of employees received an email from the burger chain’s training and communication portal, Jedi, that included an attached spreadsheet of staff information outlining full names, job titles, personal email addresses, start dates, and employment classifications.

In an email to some workers on Monday afternoon, Hungry Jack’s chief executive, Chris Green, said the spreadsheet, sent at 2.07am, was due to an “inadvertent data disclosure incident” and not a cyberattack.

“The result of our investigation indicates that you have a current Jedi account and some of your personal identifiable information within Jedi has been unintentionally disclosed via email to 198 Hungry Jack’s employees,” Green wrote.

“This was not a result of a cyberattack, nor was it deliberate or malicious.”

The burger chain has recalled and deleted most emails and has implemented additional security measures to prevent future similar incidences, he said. No passwords were disclosed, but employees were urged to regularly change their passwords.

Hungry Jack’s is reporting the incident to the Office of the Australian Information Commissioner.

However, the parent of one minor Hungry Jack’s employee whose details were exposed in the leak believes the email may have been sent to many more than 198 workers.

“When I opened it, I was floored,” said the parent, who requested anonymity.