Ex-Disney Employee Charged With Hacking Menu Database

In a vengeful move against the happiest place on Earth, the former employee allegedly used his old credentials to make potentially deadly changes.

Dark Reading Staff, Dark Reading

October 30, 2024

1 Min Read
Crowd of people at Magic Kingdom at nighttime, Cinderella's castle brightly lit in the background
Source: Shannon Crighton via Alamy Stock Photo

A former Disney employee was arrested and charged after allegedly hacking into the company's systems and altering its restaurant menus.

Michael Scheuer, an ex-menu production manager at Disney, was charged with violating the Computer Fraud and Abuse Act (CFAA) on three different occasions.

He was fired from this position in June, after unspecified misconduct; his dismissal was described as "contentious" and "not considered to be amicable," according to court documents.

Scheuer allegedly used his work credentials, which were still functioning after his termination, to log into the Disney menu creation system contracted by a third-party company and change the fonts in the system to Wingdings symbols.

When the menu creator was launched, it would reach for these altered font files, believing them to be correct. 

"As a result of this change, all of the menus within the database were unusable because the font changes propagated throughout the database," read the complaint.

Scheuer also allegedly deleted allergen information from the menus, suggesting some foods were safe when they weren't, leading to potentially deadly consequences. The menus were identified and isolated by Disney before they could be shipped.

The menu changes caused the system to go offline for a couple of weeks and required backup to restore.

Scheuer has also been accused of being the root cause of several distributed denial-of-service attacks against several Disney employees, their information found in a folder on one of Scheuer's virtual machines, labeled "dox." According to the FBI, the evidence found in the investigation pointed to Scheuer as the perpetrator. He has been charged on two violations of the CFAA and remains in jail pending a bond hearing. If found guilty, he faces up to 15 years in prison.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights