April 20 2021: The India data base of pizza leader, Domino's including customer information like names, phone numbers, and credit card details is alleged to have been hacked and put on sale on the dark web.
In tweets by Israel-based Chief Technology Officer of cybercrime intelligence firm Hudson Rock, Alon Gal, he alleges that the hacked comprises 13 terabytes (TB) covering 180 million order details, including 1 million credit card details.
"Threat actor claiming to have hacked Domino's India and stealing 13TB worth of data. Information includes 180,000,000 order details containing names, phone numbers, emails, addresses, payment details, and a whopping 1,000,000 credit cards."
The hacker, Gal said, was asking for $550,000 for the data.
This was confirmed by Net Security expert Rajashekar Rajaharia in his tweet:
" Again Big Data Leak! 20 Crore Order Details including 13 TB data of Domino's India alleged leaked from #DominosIndia Server. Data Includes mobile, email, name, home address, payment type and Social Login Tokens. It seems Financial data is not there. #infosec #GDPR @jackerhack".
He said Domino's data was claimed to be in the possession of the same hacker who had earlier accessed MobiKwik data. "It seems the same hacker who allegedly hacked #MobiKwik had access to Domino's from February. I had alerted CERT-In on March 5…”.
A spokesperson for Domino’s India said, "Jubilant FoodWorks experienced an information security incident recently. No data pertaining to financial information of any person was accessed and the incident has not resulted in any operational or business impact. As a policy, we do not store financial details or credit card data of our customers, thus, no such information has been compromised. Our team of experts is investigating the matter and we have taken necessary actions to contain the incident.” Jubilant is Domino’s parent company.
Domino's Pizza is the largest food service company in India with 70% market share and a network of over 850 restaurants in more than 200 cities.
Sundar N Balasubramanian, Managing Director, Check Point Software Technologies, India & SAARC: “Domino’s India joins a string of hacking incidents involving Indian firms in the recent past, including Bigbasket, BuyUcoin, JusPay, Upstox and others. There needs to be an increased focus on cybersecurity - based on our research, on average, an organization in India has been attacked 1681 times a week in the last 6 months. This is more than 2.5x higher than the global average of 667 attacks globally.”
Sonit Jain, CEO of GajShield Infotech: “If it is indeed true that customer data along with financial data like credit card has been leaked, it shows that enterprise have still not learnt from others, do not give data security the importance it deserves. They do not follow basic steps to ensure that customer data is well protected, specially financial information. Customers need to be made aware of the breach and provide means to protect against future misusing of their personal and credit card data. Organisations in India have to be made liable for such breaches with enough financial implication making data security a top priority in every enterprise.''