Gabrielle Russon
A former Disney World employee is pleading guilty to hacking into the resort’s menu system, renaming wine regions from the drink menus after recent mass shootings and sticking a swastika image on another menu, according to his plea agreement filed in federal court.
In addition, Michael Scheuer changed the QR digital menu codes so people would be directed to boycott.israel.org. He also changed some menu backgrounds and images to white so the documents looked blank. Disney caught his tinkering before the menus could go out to the public.
Those were some of the new revelations in the plea agreement, where Scheuer is pleading guilty to two charges. The first count, which carries a maximum sentence of 10 years in prison and a maximum fine of $250,000, is transmitting a program, information, code and command to intentionally cause damage without authorization to a protected computer that caused at least $5,000 in damages in a year. The second count he pleaded guilty to was aggravated identity theft.
No sentencing date has been set for Scheuer, said his attorney, David Haas. Haas declined to comment when reached by Florida Politics Friday.
Haas told Court Watch, which broke the story, that “Mr. Scheuer is prepared to accept responsibility for his conduct. Unfortunately, he has mental health issues that were exacerbated when Disney fired him upon his return from paternity leave. No one was ever at risk of injury and he is deeply remorseful for what happened.”
Federal court documents also said Scheuer changed the food allergy information on the menu, which could have had deadly consequences if Disney hadn’t caught the changes. “The allergen alterations focused on peanut, tree nut, shellfish and milk allergens,” the plea agreement said.
Disney printed the wrong menus but realized the mistake in time. The menus were not sent to restaurants or distributed to the public. Still, the menu system was down for days at one of the biggest tourism attractions in the world. The menus had to be manually approved and distributed while the system was down, according to the plea agreement.
“As a result of Scheuer’s actions within Menu Creator, nearly every menu in the system was impacted,” the plea agreement said. “Scheuer also leaked on the dark web the creator URL he used to commit (the cyberattack) and Menu Creator login information for numerous accounts.”
According to the criminal complaint, authorities said Scheuer hacked into Menu Creator, which is run by a third-party Minnesota company that creates menus used only for Disney World restaurants.
Scheuer worked as a menu production manager until he was fired on June 13 for misconduct.
Disney World did not respond to a request for comment Friday for this story.
