Domino’s India is said to have fallen victim to a major data leak wherein the credit card details of around 10 lakh of its customers and employees have been leaked on the Dark Web.
Customer information comprising names, phone numbers, and payment information, including credit cards, have allegedly been compromised.
According to Alon Gal, CTO of security firm Hudson Rock, a threat actor has claimed to have hacked Domino’s India’s database worth 13TB (terabytes) on the Dark Web, which includes details of more than 250 of the pizza chain’s employees across verticals such as Finance, Operations, IT, Marketing, and Legal, etc.
“Threat actor claiming to have hacked Domino’s India (@dominos) and stealing 13TB worth of data. Information includes 180,000,000 order details containing names, phone numbers, emails, addresses, payment details, and a whopping 1,000,000 credit cards,” Gal tweeted.
The hackers claim to have gained access to all customer details and 18 crore order details which comprise customer’s names, email IDs, phone numbers, delivery address, and payment details comprising over 10 lakh credit card details used to buy on Domino’s India app.
The hackers are planning to sell the entire data to a single buyer. As per Alon Gal, the cybercrooks are looking for $550,000 (approx. Rs 4 crore) for the entire database and are planning to create a search portal to enable querying of the data.
The sale is evidently happening on the Dark Web and likely on a website visited frequently by cyber scammers.
Meanwhile, refuting the data leak claims, Domino’s India has clarified that its user data has not been compromised.
“Jubilant FoodWorks experienced an information security incident recently. No data pertaining to financial information of any person was accessed and the incident has not resulted in any operational or business impact.
As a policy we do not store financial details or credit card data of our customers, thus no such information has been compromised. Our team of experts is investigating the matter, and we have taken necessary actions to contain the incident,” the pizza delivery chain said in a statement.