He Hacked Walt Disney World Menus, Now He's Doing Three Years in Federal Prison

Former menu production manager at Walt Disney World, Michael Scheuer, has been sentenced to three years in federal prison for hacking into Disney's restaurant menu and tampering with items as an act of revenge.​

Scheuer's employment at Disney ended on bad terms in 2024. As retaliation, the former employee accessed Disney's menu systems without permission and tampered with menus, creating major disruptions. His sabotage included:​

• Changing allergen information to falsely indicate foods were safe for allergic guests.
• Altering wine region descriptions to reference places of mass shootings.​
• Embedding offensive imagery, which included swastikas, into menus.​
• He changed menu fonts to make them unreadable.​
• Existing QR codes redirected people to unrelated external websites.​
• Disney employees were locked out of their systems through denial-of-service attacks.​

The company discovered and identified the issues quickly. According to the organization, Disney corrected these unauthorized changes before guests were affected, but disruptions still caused over $150,000 in damage and cleanup costs.

The legal hammer came down hard

Authorities arrested Scheuer in October 2024. He pleaded guilty in January 2025. Besides his three-year prison sentence, Scheuer now must also pay Disney almost $700,000 in restitution and forfeit the computer he used in the hacks.​

"​Formidable relationships with the private sector are a pillar of the FBI's Cyber Strategy. Through the strength in our partnerships, our Cyber Task Force swiftly identified Mr. Scheuer and disrupted his ability to continue threatening the public," said FBI Tampa Division Special Agent in Charge Matthew Fodor.​

Insider cyber attackers are not uncommon

While Scheuer's actions might sound unique, this is not the case. These types of cyberattacks from insiders are fairly common.

In 2019, a former software developer, after being terminated, embedded code into the company's servers. This malicious code created infinite loops, crashing systems and blocking employee logins.  

A former employee of an energy company accessed the network using his VPN account after he was fired. He made changes to critical files that eventually crippled the company's energy forecast system, causing over $26,000 in damages.

These kinds of incidents represent yet another vector of attack that companies have to monitor when they try to protect their infrastructure.