Pizza Hut franchise operator reports data breach affecting 120,426 people

Pizza Hut managers and workers tied to a Wichita franchise operator are now dealing with the fallout from a data breach that affected 120,426 people, including 26 Maine residents and 20 New Hampshire residents.

Restaurant Management Company of Wichita, Inc. said in a Maine Attorney General filing that hackers gained access to part of its computer systems during a breach window that ran from October 4, 2025, through October 13, 2025. The company said it discovered the incident on March 26, 2026, and sent written consumer notices on April 20, 2026. The notice lists the company at 7700 E. Polo Dr., Wichita, KS 67206 and names Jon Wilson of Shook, Hardy & Bacon as legal counsel.

The filing describes the incident as an external system breach, and the company offered Experian IdentityWorks identity-theft protection services. It did not spell out the exact data categories exposed, but the scale alone points to a franchise operator with systems broad enough to touch customer records, employee files, or both.

That matters inside Pizza Hut stores because franchise operators run the back-office machinery that keeps locations moving: hiring paperwork, payroll, scheduling, benefits enrollment, customer contact lists, and other records managers rely on when staff have questions or when a store needs to verify information quickly. When those systems are hit, the work does not stay with legal or IT teams. It lands on district managers, store managers, and anyone answering the phone when a worker or customer wants to know whether their information was involved.

Restaurant Management Company of Wichita is a Wichita-based Pizza Hut franchisee, and Pizza Hut’s parent company says the brand operates more than 19,000 restaurants in 108 countries. That kind of scale makes franchise cybersecurity a workplace issue, not just a corporate one. A breach at one operator can mean password resets, internal reviews, tighter access rules, and more scrutiny of how employee and customer data move through local restaurant systems.

The notice also shows how multi-state these incidents can become. Maine’s filing identified 26 residents in that state, while outside reporting said New Hampshire residents were also affected. For franchise teams, that kind of spread means more than one notice letter, more than one regulatory process, and more pressure to keep records clean when the next HR issue, payroll correction, or customer complaint comes through the door.