FBI investigated Disney World cyberattack after restaurant menus were changed

Orlando, Florida, USA - February 9, 2022:  A Walt Disney World entrance arch gate in Orlando, Florida, USA. Walt Disney World is an entertainment resort complex.
Disney World did not response to a request for comment Wednesday.

A fired Disney World employee is accused of hacking into an online system and altering Disney World restaurant menus by changing fonts and prices, adding profanity and manipulating the food allergy warnings, according to new federal documents.

The cyberattack caused at least $150,000 in damage and has gotten the FBI involved. Disney printed the wrong menus but realized the mistake in time. The menus were not sent to restaurants or distributed to the public.

A criminal complaint against Michael Scheuer was filed last week in U.S. District Court’s Orlando division. He was arrested on Oct. 23.

“The allegations acknowledge that no one was injured or harmed. I look forward to vigorously presenting my client’s side of the story,” Scheuer’s attorney, David Haas, said in a Wednesday comment to Florida Politics.

Court Watch, in collaboration with 404 Media, was the first media outlet to report about the federal court filing.

According to the criminal complaint, authorities said Scheuer hacked into Menu Creator, which is run by a third-party Minnesota company that creates menus used only for Disney World restaurants.

Scheuer worked as a menu production manager until he was fired on June 13 for misconduct.

Scheuer’s firing was contentious and was not considered to be amicable,” read the criminal complaint, which did not go into details into the situation.

Over the next three months, Disney became the victim “of multiple computer intrusions into servers associated with the Menu Creator program,” the complaint said. “Scheuer had intimate knowledge of the system architecture, the menu processing workflow, and potential vulnerabilities within the system. Only employees in Scheuer’s position or a position similar to Scheuer would have the accesses and knowledge to carry out the attacks.”

What tipped Disney off was that some of the fonts in Menu Creator had been changed to wingdings, the font made up of symbols.

The changes caused problems in Menu Creator, so it was offline temporarily, causing problems for Disney.

Authorities described some of the menu changes as “benign,” such as different prices or profanity suddenly appearing. Other changes were more serious and could have put people’s health at risk.

“Namely, the threat actor manipulated the allergen information on menus by adding information to some allergen notifications that indicated certain menu items were safe for individuals with peanut allergies, when in fact they could be deadly to those with peanut allergies,” the criminal complaint said.

The FBI tracked an IP address connected to the cyberattack to Scheuer’s computer with a private network installed on it.

Scheuer is accused of a disruption to the system and attempting over 100,000 logins, according to the criminal complaint.

They seized Scheuer’s computers and found a “dox” folder and personal identifiable information for the victims of his denial-of-service attacks. 

“Namely, the multiple incorrect logon attempts would cause an account to lockdown and thus render the corporate accounts unusable until the attacks subsided and the passwords could be reset,” the complaint said.

Scheuer said Disney was trying to frame him “because they were worried about him and the conditions under which he was terminated,” the criminal complaint says.

Disney World did not respond to a request for comment Wednesday. The U.S. Attorney’s Office for the Middle District of Florida declined to comment.

The court documents that bring up the public health concerns over food allergies at Disney World come after a woman died in an unrelated incident from her severe food allergies after eating at a Disney Springs restaurant in 2023.

Florida Politics broke the story that Disney World and an independently-run restaurant Raglan Road Irish Pub and Restaurant were being sued by the widower. The lawsuit led to a wave of international bad publicity for Disney after it tried to force the case in arbitration using its terms and conditions from Disney+ and its theme park app. 

Scams, unfortunately, happen even at the Most Magical Place on Earth.

In 2018, Disney World’s Governing Board fell victim to an email phishing scheme that cost the Board $100,000 when an employee sent money to a fake landscaping vendor who emailed her.

Gabrielle Russon

Gabrielle Russon is an award-winning journalist based in Orlando. She covered the business of theme parks for the Orlando Sentinel. Her previous newspaper stops include the Sarasota Herald-Tribune, Toledo Blade, Kalamazoo Gazette and Elkhart Truth as well as an internship covering the nation’s capital for the Chicago Tribune. For fun, she runs marathons. She gets her training from chasing a toddler around. Contact her at [email protected] or on Twitter @GabrielleRusson .



#FlaPol

Florida Politics is a statewide, new media platform covering campaigns, elections, government, policy, and lobbying in Florida. This platform and all of its content are owned by Extensive Enterprises Media.

Publisher: Peter Schorsch @PeterSchorschFL

Contributors & reporters: Phil Ammann, Drew Dixon, Roseanne Dunkelberger, A.G. Gancarski, Ryan Nicol, Jacob Ogles, Cole Pepper, Jesse Scheckner, Drew Wilson, and Mike Wright.

Email: [email protected]
Twitter: @PeterSchorschFL
Phone: (727) 642-3162
Address: 204 37th Avenue North #182
St. Petersburg, Florida 33704