Former Walt Disney World Cast Member Pleads Guilty in Menu Allergen Hacking Case

The former employee targeted upwards of 14 different Disney cast members in his cyberattacks.

Back in October, a former Walt Disney World cast member was accused of hacking Disney’s computer system and making changes to restaurant allergy menus after being fired. Now, Michael Scheuer has pleaded guilty to the hacks and also faces additional charges.

What’s Happening:

  • The Orlando Sentinel has shared an update on the criminal case against Michael Scheuer.
  • The former Disney menu production manager, who was fired last June for misconduct, has pleaded guilty to hacking into the menu-creation software the company used where he marked food items falsely as peanut-free.
  • The Winter Garden, Florida resident admitted to one count of computer fraud and one count of aggravated identity theft as a part of a plea deal.
  • What could have been a deadly deed was quickly caught by Disney before the altered menus could be shipped off to restaurants.
  • After an FBI investigation, Scheuer was arrested back in October. Walt Disney World was not explicitly mentioned in the court records, however, Sheuer’s lawyer shared to the news source at the time of arrest that he had been employed at Disney.
  • In the signed plea deal, the former cast member admitted to hacking into the company’s software numerous times between July and September.
  • He also admitted to altering the menus to mark certain items as safe from allergens like peanuts, tree nuts, shellfish and milk.
  • Additionally, Scheuer changed the wine regions to areas that recently experienced mass shootings, added a swastika to at least one menu, and also added QR codes that would send patrons to websites that encouraged boycotting Israeli companies and those with significant ties to the country.
  • On top of the incidents with menu alterations, Scheuer blocked 14 Disney employees from their accounts through denial-of-service attacks. Using automated login attempts, Scheuer had these employees' accounts locked by totaling around 100,000 failed login attempts.
  • After an internal investigation, Disney reported the former employee to the FBI as a potential suspect prompting the agency to search Scheuer’s residence in September. They collected several electronic devices, according to the records.
  • In the FBI’s investigation, they found that Scheuer had collected personal information about four former coworkers targeted in the cyberattack. This included phone numbers, addresses, emails, and names of family members.
  • The night before his arrest, Scheuer visited one of the employee’s homes at approximately 11PM. He walked to the door, gave the Ring doorbell a thumbs up and left.
  • In response, Disney put the employee up in a hotel room for his safety.
  • Disney no longer uses the Menu Creator software, and has switched over to a manual menu approval and distribution process.
  • A sentencing date has not yet been set.

Read More Walt Disney World:

Maxon Faber
Based in Los Angeles, California, Maxon is roller coaster and musical theatre nerd. His favorite dinosaur is the parasaurolophus, specifically the one in Jurassic World: The Ride.