Welcome to the First Column IT Tech Blog

HomeBlog
The Disney Menu Debacle Can Teach Your Business a Lesson About Access Control

The Disney Menu Debacle Can Teach Your Business a Lesson About Access Control

November 25, 2024

The Disney brand centralizes its efforts on magic and wonder, but its parks’ food is one aspect that has recently been subject to concerning developments. A former Disney employee managed to access a menu-planning app and make changes to prices, add foul language, and change menu information. Since we live in a world with food allergies, you can already see where this is going.

The Federal Bureau of Investigation has issued this statement on the matter:

“The threat actor manipulated the allergen information on menus by adding information to some allergen notifications that indicated certain menu items were safe for individuals with peanut allergies, when in fact they could be deadly to those with peanut allergies.”

Thankfully, Disney nipped the issue in the bud before the menus were distributed, and there is no evidence that customers ever saw them. Additionally, there is no indication that these events are related to a prior event in 2023 when a death occurred at a Disney-owned restaurant due to allergens.

These Changes Could Have Been Prevented

This problem stems from a simple issue with network security: someone had permission when they shouldn’t have.

The FBI has reported that the accused individual, a former Disney employee and menu production manager named Michael Schuer, used his Disney credentials to access the menu-planning app to make changes. He was also able to use his old logins to access the app developer’s server. It’s a real case of a former employee doing despicable things with old login credentials.

What gave the “hack” away was the use of the Wingdings font. This is when Disney employees caught the issue and pulled the app. Before this, though, many employee accounts had been locked because the accused used scripts to automate logins. More than a dozen accounts exceeded their allowed login attempts, which made logging in difficult.

The complete criminal complaint offers more details about this event and the inciting attacks.

Pay Attention to User Permissions and Access Logs for Suspicious Activity

It might be a bit blunt of us to say, but this entire situation could (and should) have been prevented.

When an employee leaves your business or organization, you take away their login credentials right as they walk out the door. This is a standard and accepted best practice. It’s a part of ensuring proper access control for your business.

It’s easy to overlook a user’s profile when they leave your business, but you never know what baggage they’re leaving with—baggage that might cause them to lash out in unanticipated ways. We recommend that you practice the Principle of Least Privilege, where you only grant access as needed. There’s no reason that anyone who leaves your business should retain access to data, anyway, and the fewer entry points to your system for hackers (and other potential threats), the better.

To shore up your defenses and control access to your business, give First Column IT a call at (571) 470-5594.

TAGS
Current Events
TAGS
Security
TAGS
Passwords
Previous Post
February 2, 2026
Make Your Life Easier with These 3 No-Brainer Managed Services
One of the inevitabilities of starting and operating a successful business is that your IT infrastructure will eventually outgrow itself. While you might have been able to start operations with just a couple of people, the same network that used to work just fine is likely bowing under the stress of additional employees and workstations. If you want to build a sustainable and reliable infrastructure, it’s best that you rely on experts who can help your company stay as competitive as possible, regardless of how much you grow.
READ MORE
January 30, 2026
How to Stop Manual Data Entry from Killing Your Productivity
We’re sure that even your most talented employees have tasks on their plate that make them feel like expensive data-entry clerks. This is known as the “tedium tax,” and it can have a very real impact on small businesses (especially when employees wear multiple hats). When you have multiple tools that don’t speak well with each other, and you’re forced to resort to manual data entry, your team starts to act like a “human bridge,” connecting these isolated apps themselves—and wasting a lot of time in the process.
READ MORE
January 28, 2026
There’s a Significant Difference Between AI Tools You Need to Pay Attention To
Not all artificially intelligent tools are built the same. One disparity that can make all the difference is whether a particular tool you and your team use is public or private.
READ MORE

Have a project in mind?

Start with our free consultation for VA, DC and MD companies. We will provide a detailed proposal and firm quote based on your specific IT support needs. All at a predictable monthly cost per seat.
Free Consultation - Sign Up Here
About us
First Colum IT

The dedicated team at First Column IT focuses on furnishing complete technology solutions throughout the Virginia, Washington D.C., and Maryland area. We construct advanced cybersecurity, managed IT support, IT consulting, and compliance management solutions for those who depend on technology to provide exceptional service to their clients. We handle the complexities of technology so your business can thrive.

ADDRESS
8462 Virginia Meadows Dr
Manassas, VA 20109
PHONE
Existing Customers: (703) 880-6683New Customers: (571) 470-5594
SOCIAL
Support
Request SupportRequest A QuoteContact us

Copyright 2025 © First Column IT -  (Privacy)