Dismissed Disney World employees have to spend three years in federal prisons and pay nearly $700,000 to hack into software used by Disney restaurants and mistakenly show that they are free of peanuts and other allergens.
Michael Schuer, 40, of Wintergarden, was sentenced to one count of computer fraud in January before pleading guilty to one count of being a computer fraud in the Central District of Florida District Court, as part of his contract with a prosecutor. He also has to confiscate the computer used in the crime and pay the victim $687,776 in compensation.
According to criminal charges filed in federal court, he was Disney’s menu production manager before being fired for fraud in June. Disney no longer uses the menu creator software he hacked.
Although false information about food allergies can have fatal consequences, it is believed that all of the changed menu was found before it was shipped to the restaurant.
Scheuer was arrested in October after an FBI investigation. Although court records do not mention Disney World by name, Schuer’s lawyer David Haas said in a statement to the Orlando Sentinel at the time of his arrest that Schuer was employed there.
In the legal agreement, Scheuer admitted to violating the company’s software several times between July and September. Most notably, Scheuer adds a notation to certain menu items, and according to the agreement it incorrectly shows that it is safe for people with certain allergies such as peanuts, nuts, shellfish, and milk.
Scheuer has also changed the wine region of the wine menu to an area that has been suffering from mass shooting recently, embedding sw in at least one menu or changing the menu QR code to direct supervision to Israeli companies and companies doing important activities there as well as websites that encourage important activities there.
Additionally, he blocked 14 Disney employees (including former colleagues) through a denial of service attack from his company account, records show. The account was set to lock after too many failed login attempts, and the automated attempts using the script totaled over 100,000. The criminal charges against him said some of the eligible employees were involved in his firing.
After an internal investigation, Disney flagged the FBI as a potential suspect. The agency ran a search warrant at Scheuer’s residence in September and seized several electronic devices, records show. He initially denied any involvement in the cyberattack, and said the company was trying to frame him, according to the complaint.
The FBI has found that it has collected personal information about four employees targeted in the cyberattack, including phone numbers, email addresses, physical addresses, and names of family members and relatives.
The night before his arrest, Schuer drove to one of the targeted employees’ house shortly before 11pm, walked to the front door and gave a thumbs up to the ring doorbell camera before leaving. As a result, the employee left his home and was placed in a hotel by Disney.
Original issue: April 24, 2025, 3:09pm EDT
