Allegedly, Domino’s Indian data contains sensitive customer information, such as their name, phone number, and credit card details, and has been sold on Darknet. According to the person who sold the data, it includes details of the approximately 180 million orders received by the pizza chain. Allegedly, Domino’s India data was obtained in early April and includes not only customer information, but also its internal documents, which include detailed information about the company’s 250 employees, totaling 13 terabytes. However, this information has not yet been confirmed.
Alon Gal, CTO of the cyber security company Hudson Rock Tweet Regarding the domino breach in India on Sunday. The executive stated that the hacker is selling data at a price of approximately 10 BTC (calculated at current market prices, approximately Rs 4.25 million or US$569,000).
Allegedly, the hacked information included details of 1 million credit cards. It is said that its order details are 180 million. These include customer name, phone number, email ID, address and payment details. According to screenshots shared by the director of cybersecurity, the vulnerability is said to include internal documents of Domino’s India generated between 2015 and 2021.
According to information published on the dark web, hackers are planning to build a search portal that will be able to query the leaked data.
Gadget 360 contacted Domino’s Indian company to comment on the reported details. A company spokesperson provided the following statement.
Jubilant FoodWorks recently experienced an information security incident. Did not access any data related to anyone’s financial information, and the incident did not have any impact on operations or business. As a policy, we do not store customer financial details or credit card data, so we will not destroy such information.
Our team of experts is investigating this matter, and we have taken the necessary actions to contain this incident.
Domino’s India is owned by Jubilant Foodworks, a catering service company that operates Domino’s Pizza, a pizza chain in the United States. The franchise has 1,314 restaurants in 285 cities. In addition to India, Huan Teng Foods also operates Domino Pizza brands in Bangladesh, Nepal and Sri Lanka. However, it is currently unclear whether the violation includes customer data in the other three countries.
Recently, India’s cyber security problems have become more and more serious. At the end of last month, a hacker group allegedly leaked the sensitive data of millions of MobiKwik users on the dark web, although in this case, the company denied the leak and stated that only fake data was covered. IndiGo also reported in January that its server was hacked in December.
In addition to vulnerabilities and hacking attacks, many companies in the country also exposed their user data due to vulnerabilities. According to reports, the server configuration of the supply chain automation platform Bizongo has been misconfigured, exposing 2.5 million internal documents and data belonging to its customers. The ticketing portal Railyatri also has a security breach that may expose the payment details of more than 700,000 train passengers.
Editor’s note: This copy has been updated to include a response from Domino’s India.
Is OnePlus 9R old wine in a new bottle, or more? We discussed it on the gadget 360 podcast Orbital. Later (from 23:00), we will discuss the new OnePlus watch. Orbital is available for Apple Podcast, Google Podcast, Spotify and wherever you get podcasts.