A former Disney employee is accused of hacking into the menu software used by Walt Disney World’s restaurants, changing allergy information in ways that could have been harmful to guests. After he was fired, Michael Scheuer allegedly used his old passwords to access the system and tampered with allergy labels on food items, adding false information that made items containing peanuts appear safe for those with peanut allergies. He also added offensive language to the menus and changed fonts to unreadable symbols, according to a federal criminal complaint.

Unauthorized Access and Alleged Tampering

Scheuer reportedly used login credentials he retained from his time at Disney to access the menu system, a proprietary tool Disney uses for printing and managing restaurant menus. The complaint says he changed allergy information, which could have been dangerous if the altered menus had reached the public. Disney caught the changes in time and removed the manipulated menus before they could be distributed.

The complaint also states that Scheuer altered menu pricing, added profane language, and modified fonts. At one point, Disney staff noticed all fonts had been changed to Wingdings, a symbol-based font, making menus unreadable and the system unusable. The disruption caused Disney to take the system offline for up to two weeks, during which time they relied on manual processes to manage menu changes.

Further Alleged Intrusions and Security Breaches

After Disney reset the passwords for the menu system, Scheuer allegedly accessed other systems, uploading modified files with false allergen information and altered QR codes that redirected to a political website. In a separate breach, Scheuer is accused of locking several Disney employees out of their accounts, attempting to log in repeatedly to the company’s online system. He also allegedly gathered personal information about specific employees and visited one of their homes.

Legal and Safety Concerns

Though the criminal complaint doesn’t explicitly name Disney, references to the login portal “wdpr.service-now.com,” commonly associated with Disney, along with the details of the case, make it clear. Scheuer’s lawyer confirmed that none of the tampered menus reached the public, so no guests were harmed by his actions.

This incident is separate from an unrelated lawsuit where a Disney guest filed a wrongful death suit after a fatal allergic reaction suffered by his wife at the park. The hacking and tampering allegations involve only this case and occurred months after the other incident.

Cookie Consent with Real Cookie Banner