Around May 24, 2021, data belonging to the Domino’s Pizza brand, run in India by Jubilant Foodworks Limited, was breached and made public. Details of orders placed with Domino’s online through its app or website are available for anyone to search.
The data was authentic and exposed full name, full address, GPS coordinates of the delivery location, email address and mobile number.
The public interface created by those who provided this access claims that financial details such as credit card and debit card data are also available, but the company denies any possibility of this, saying that financial data is never processed or saved on Domino’s Pizza computers.
Further, the hackers were offering the entire data dump, 13 terabytes of purportedly authentic employee and customer details, for sale to anyone willing to talk to them via the email address mentioned on their public-facing search engine for the breached data.
The company acknowledged that a breach had occurred and that the data mentioned above was stolen. However, the company claimed that financial data was not stolen, and that the incident did not result in any operational or business impact.
Further, the company then took action and claimed, "We moved quickly to contain the breach and hired an external agency to do an impact assessment. Domino's, as a policy, does not store financial details of users such as complete credit card number, CVV, passwords, etc and therefore, no such information was compromised."
The company also approached the Delhi High Court to get the Ministry of Electronics and Information Technology and the Department of Communications to block access to the website.
Access to the link https://slf2rrahypck3bwckpdohsnhpeqrb3nhvwznjmarmweofwnptowe4mad.onion.ly/?s=08 was blocked on Indian Internet Service Providers (ISPs), and it was put on record that the hackers had also attempted to obtain money from the company through intimidation and an attempt to extort a ransom.
However, the link can still be accessed through a proxy such as KProxy by entering the link in the box provided there. But even if the site is reached via a proxy, the hackers have withdrawn the free search facility.
The page provides an email address and mentions a forum for publicly displayed negotiations. It also warns against buying the data through other channels such as the Telegram app.
The original message by the alleged hackers was:
“We breached Domino's India and got 13TB all internal files of 250 employees from IT, Legal, Finance, Marketing, Operations etc. We got all customers details and 180M order details (name, ph number, email, delivery address, payment details) and 1M credit cards used to purchase on Dominos app.
Internal files contain all files from 2015-2021 and lots of outlook mail archives. Breach - April 2021.
Company details:
Profile: https://finance.yahoo.com/quote/JUBLFOOD.NS?p=JUBLFOOD.NS
Revenue: $500M last FY
Employees: 30000
Stores: 1260
Serious buyers PM with your price. One sale only.”
The data appears to have been bought by someone.
So, your data is lying somewhere with someone, waiting to be exploited.