You are currently viewing Former Disney Employee Jailed After Tampering with Allergen Information in Alarming Cyberattack on Menu System

Former Disney Employee Jailed After Tampering with Allergen Information in Alarming Cyberattack on Menu System

  • Reading time:4 mins read

In a shocking case that underscores the urgent need for robust food safety cybersecurity in the food industry, a former Walt Disney World employee has been sentenced to three years in federal prison for hacking the company’s digital menu system and altering allergen information—potentially putting lives at risk.

A Nightmare in the Making

Michael Scheuer, 41, of Winter Garden, Florida, was fired from Disney in June 2024. Just a month later, he launched a malicious campaign targeting the company’s proprietary “Menu Creator” software—tampering with vital food safety data. In a disturbing act of sabotage, he reprogrammed menu items containing peanuts and other allergens to falsely appear allergen-free. For anyone with a severe allergy, that’s not just a prank—it’s a potential death sentence.

But the cyber sabotage didn’t stop there.

Scheuer also turned Disney’s menu system into digital chaos: he changed fonts to gibberish Wingdings, redirected QR codes to activist sites, added profanity, replaced wine regions with the names of mass shooting locations, and even embedded a swastika graphic. His actions forced Disney to take the system offline for more than a week, reverting to manual processes and backup menus.

Food Safety Meets Cybersecurity Weakness

While Disney caught the altered menus before they were used publicly—avoiding a potential health disaster—the attack exposed critical weaknesses in food safety systems that rely on digital infrastructure. One of the most glaring failures? Scheuer’s access credentials were not revoked immediately after his termination, giving him weeks of unmonitored access.

With peanut allergies alone affecting an estimated 2% of U.S. children—and capable of causing fatal anaphylaxis—the stakes couldn’t be higher.

Collateral Damage: Targeting Former Colleagues

In an unsettling twist, Scheuer also launched denial-of-service (DoS) attacks on 14 Disney employees, bombarding their accounts with over 100,000 failed login attempts. When FBI agents searched his home in September, they found virtual machines and personal data tied to several victims. Weeks later, Scheuer was caught on a Ring doorbell camera loitering outside one employee’s home—an act authorities interpreted as attempted intimidation.

Justice Served, But Questions Remain

On April 24, 2025, U.S. District Judge Julie Sneed handed down a 36-month prison sentence, plus three years of supervised release. Scheuer was also ordered to pay nearly $688,000 in restitution, most of it going to Disney and the third-party vendor behind the compromised menu software.

Although no diners were harmed, the fallout was significant—prompting Disney to retire the compromised system and accelerate plans for a more secure replacement.

The Bigger Picture for Food Industry Leaders

This case is a wake-up call for food safety professionals and foodservice businesses alike: digital food systems are now frontline targets for cyber threats. When those systems include allergen data, customer health and lives are at stake.

Experts are now urging the food industry to:

  • Strengthen access controls and cybersecurity protocols
  • Immediately revoke system access for terminated employees
  • Audit digital food safety systems regularly for vulnerabilities

As digital transformation accelerates across the food sector, ensuring that technology doesn’t become a weak link in your food safety chain is more critical than ever.

Source: FSN

Reach out to Fresh Group Food Safety And Quality Consulting for any inquiries related to food quality and safety.

Leave a Reply