Key highlights:
- The data worth 13 TB has been put on sale on the dark web.
- The threat actor is demanding $550,000 in exchange for the complete database.
- Jubilant FoodWorks clarified that no data pertaining to any financial information of the customers have been accessed.
Sensitive Information of Customers and Employees Upheld by Hacker
The globally popular multinational pizza chain outlet Domino’s India has suffered from a data breach. Sensitive information of the customers like names, contact info and credit card details have allegedly been breached and put on sale on the dark web.
The Dominos India Data Breach
On 18 April, Alon Gal, Israel based co-founder and Chief Technology Officer of cybercrime intelligence firm Hudson Rock, tweeted that the data was worth 13 terabytes, including internal files of over 250 employees. According to Gal, the data includes as many as 180 million order details including contact information, addresses, email ids, payment details, accounting one million credit card details.
Gal added that the threat actor has put the data up for sale and is demanding $550,000 for the entire database. Gal added that the threat actor also had plans to build a search portal to enable searching for the data.
Clarification on no Leak of Financial Information
After enquiries, a company spokesperson for Domino’s India clarified that no data concerning any financial information has been leaked or accessed. “Jubilant FoodWorks (parent firm of Domino’s India) experienced an information security incident recently. No data pertaining to financial information of any person was accessed and the incident has not resulted in any operational or business impact. As a policy we do not store financial details or credit card data of our customers, thus no such information has been compromised.”
“Our team of experts is investigating the matter and we have taken necessary actions to contain the incident.”
Prior Alert and Consecutive Data Breaches
Rajshekhar Rajaharia, independent cyber security researcher who first alerted users about a big data leak at payments firm MobiKwik last month, had alerted the CERT -in (India’s national cyber defence agency) about the possible hack on March 5 itself.
“I had alerted CERT-in about a possible Domino’s Pizza India hack where the threat actor got data access with details like 200 million orders and personal data of the users too. The hacker, however, did not provide any sample,” Rajaharia said.
Consecutive incidents of hacking involving big Indian firms like Bigbasket, BuyUcoin, Upstox and others have been noticed lately. Earlier in April, Facebook and LinkedIn underwent data leaks of millions of users, including that of Indian users as well. While both admitted that customer data had been leaked, both said it wasn’t hacked from their systems, but was scrapped, indicating the use of an application to extract valuable information from a website.
Also read: Is Microsoft Secure Anymore or Not?
