# Mouse Trap: Former Disney Employee Gets Three Years for Menu Hacking Spree

## Mouse Trap: Former Disney Employee Gets Three Years for Menu Hacking Spree

A former Disney employee is heading to federal prison for three years after hacking into the company’s restaurant menu system and launching denial-of-service attacks against former colleagues. Michael Scheuer, who pleaded guilty in January, was also ordered to pay nearly $690,000 in fines for the cyber intrusions.

Scheuer, who had access to Disney’s menu creation and editing system as part of his previous job, used a shared team login after his termination in June of last year to make unauthorized changes to the company’s menus. These alterations weren’t mere cosmetic tweaks; according to court documents, Scheuer added or replaced allergen information in item descriptions while leaving a separate allergen information sheet unchanged. US attorneys argued that these deliberate discrepancies could have misled customers with allergies, potentially leading to dangerous consequences.

Beyond the serious concern of allergen misinformation, Scheuer also engaged in more whimsical acts of digital vandalism. He swapped menu fonts to Wingdings and replaced dish names with jokes – turning “Shellfish” into “Hellfish,” for example. While Disney caught and removed the altered menus before they reached restaurants, the potential for disruption was significant.

Scheuer’s lawyer argued that the menu changes were a misguided attempt to get Disney’s attention, claiming he believed he was wrongfully terminated following a panic attack and subsequent request for mental health accommodations. Unable to find legal representation or get a response from the company, he resorted to hacking, according to his legal team. However, federal prosecutors countered that Scheuer made certain alterations “specifically to avoid detection,” undermining the argument that his actions were solely for attention.

In addition to the menu manipulations, Scheuer also launched “serial denial-of-service attacks” against fourteen former employees, some of whom were involved in his termination. He achieved this by simulating thousands of incorrect login attempts, effectively locking them out of their accounts. The FBI even found him outside the home of one of these employees after searching his residence.

While attorneys acknowledged that Scheuer’s actions were partly driven by a mental health episode, the severity of the cyber intrusions and the potential risks they posed, especially regarding allergen information, ultimately led to the three-year sentence. This case serves as a stark reminder of the serious consequences of unauthorized access and malicious activity within corporate systems, regardless of the perceived justification.