Page Loader
Home / News / Technology News / Domino's acknowledges data breach; Denies leak of million credit cards
Domino's acknowledges data breach; Denies leak of million credit cards

Domino's acknowledges data breach; Denies leak of million credit cards

By Nachiket Mhatre
Apr 19, 2021
07:16 pm
What's the story

Pizzas are usually considered bad for your health, but the latest Domino's India data leak could have serious consequences for your financial health as well. The latest security lapse has allegedly compromised customers' names, phone numbers, delivery addresses, and credit card details. The breach came to light after Alon Gal, CTO of Israeli cybersecurity firm Hudson Rock, tweeted about it on Sunday.

Twitter Post

Alon Gal tweeted about the Domino's leak on Sunday

Super-size it

Massive 13TB data dump spans 180 million pizza orders

The fact that Domino's accounts for 70 percent of the country's pizza consumption and 16 percent of fast-food sales makes the leak all the more damning. The 13TB data cache allegedly includes a million credit card details and data on 180 million orders. Besides customers, personal details of more than 250 Domino's employees spanning IT, legal, finance, marketing, and operations verticals have been leaked.

Returning for seconds

Indian security researcher claims same perpetrator was behind MobiKwik hack

Speaking to IANS, security researcher Rajshekhar Rajaharia claimed to have reported this breach to Indian Computer Emergency Response Team (CERT-in) on March 5. According to Rajaharia, the same hacker was also responsible for the MobiKwik data leak, reported earlier this month. He also claimed that the hacker had access to Domino's data as early as February this year.

Twitter Post

Rajaharia couldn't find payment data in his analysis

Quote

Jubilant FoodWorks admits that it has suffered a security breach

"Jubilant FoodWorks experienced an information security incident recently. No data pertaining to financial information of any person was accessed and the incident has not resulted in any operational or business impact," said Domino's parent company in a statement to Gadgets360.

Calling the bluff

Domino's acknowledges breach, but claims financial data was never stored

Meanwhile, Domino's parent company Jubilant FoodWorks has issued a statement to Gadgets360 acknowledging the breach. However, the company denies storing customer financial details and claims that credit card data has not been compromised. Rajaharia has backed up Domino's claim by tweeting that he couldn't find financial data in the leak so far. Things could change though, as the hackers promise to reveal more.

Quote

Domino's claims credit card details can't be compromised

"As a policy we do not store financial details or credit card data of our customers, thus no such information has been compromised. Our team of experts is investigating the matter and we have taken necessary actions to contain the incident," Domino's spokesperson said.

All or nothing

Seller expects $550,000 for leaked data in one-shot deal

According to Gal's tweet, the hacker has put the data for sale on hacker forums. The seller expects a one-shot deal and has therefore demanded $550,000 for the massive Domino's database. The proof showcased on the forum makes it look like the hacker had access to Domino's database long enough to create a backup, but nothing can be determined conclusively at this juncture.

Proof of data

Hacker apparently working to release a searchable database as proof

Such illegal transactions are usually accompanied by the perpetrators releasing a part of the database as proof for verification. However, this leak is said to have occurred earlier and the hacker is apparently putting together a searchable database as proof for potential buyers. The search portal will allow affected users to query the database to see if they have been compromised.