Former Disney Cast Member Sentenced to Federal Prison for Hacking Resort Allergy Menu System

A former Walt Disney World Cast Member has been sentenced to federal prison after hacking the company’s allergy menu, illegally accessing the resort’s internal systems and altering critical food safety information. The incident raised serious concerns about guest safety and cybersecurity at one of the world’s most visited destinations.

Michael Scheuer, a former menu production manager at Walt Disney World, pleaded guilty in January to knowingly transmitting unauthorized commands to a protected computer and committing aggravated identity misuse. On Wednesday, U.S. District Judge Julie Sneed sentenced him to three years in federal prison. Scheuer was also ordered to forfeit his computer equipment and pay $687,776.50 in restitution to the victims.

The Tree of Life in Disney’s Animal Kingdom in Walt Disney World – Photo Credit M. Montanaro

According to federal filings, Scheuer was terminated from Disney in June 2024 but continued accessing the internal menu system for months afterward using personal devices. His unauthorized activities included altering menus to display profanity, modifying fonts, and most seriously, manipulating allergen information.

Investigators found that during the Disney allergy menu hacking incident, Scheuer falsified warnings to make certain foods appear safe for guests with peanut allergies when they were not. Officials warned that this could have put individuals with severe allergies at significant risk.

Cinderella Castle in Walt Disney World at Dusk looking into Liberty Square – Photo Credit: M. Montanaro

Beyond the allergen tampering, Scheuer also changed wine region listings to reference locations tied to recent national tragedies, inserted offensive symbols into menus, and disrupted access to internal accounts through denial-of-service (DOS) interference. In a disturbing move, Scheuer visited the residence of one Cast Member affected by his actions, giving a thumbs-up to a home security camera before leaving. In response, Disney moved the targeted employee to a secure hotel location and provided security assistance.

Due to the escalating nature of the breach, the FBI Tampa Division intervened. Agents raided Scheuer’s residence, seized his electronics, and halted his unauthorized activities.

Special Agent in Charge Matthew Fodor praised the swift response, stating, “Formidable relationships with the private sector are a pillar of the FBI’s Cyber Strategy. Through the strength in our partnerships, our Cyber Task Force swiftly identified Mr. Scheuer and disrupted his ability to continue threatening the public. We are committed to safeguarding a robust Cyber Strategy to unmask malicious cyber actors to ensure justice is served.”

Epcot Spaceship Earth Walt Disney World Orlando 2010. Photo Credit: chensiyuan, CC BY-SA 4.0 <https://creativecommons.org/licenses/by-sa/4.0>, via Wikimedia Commons

Following news of the Disney allergy menu hacking, Scheuer’s attorney told NBC News that, although the allegations were serious, “no one was physically harmed.” The defense further stated that Scheuer’s personal challenges may have contributed to the circumstances leading to his departure from Disney.

In response to the breach, Disney discontinued use of the third-party menu management application that Scheuer manipulated. The company has since transitioned to a manual menu approval and distribution system while a new, more secure platform is under development.

Cinderella Castle in Walt Disney World at Magic Kingdom during a clear Orlando day – Photo Credit: M. Montanaro

The Disney allergy menu hacking incident stands as a sobering reminder of the risks companies face in the digital era, especially when guest safety and brand trust are on the line.

Do you think the sentencing was just in this case? Sound off in the comments below and let us know!

UP NEXT: Pedro Pascal Calls Harry Potter Author J.K. Rowling a “Heinous Loser” Over Comments Defending Biological Sex Definition