Domino's Pizza blackmailed over mass data leak

Powered by SC Magazine
 

Updated: Over 600,000 customer records captured.

Fast food giant Domino’s Pizza has been held to ransom for €30,000 (A$43,500) after hackers stole over 600,000 customer details from a legacy platform used by the company’s European operations.

A group named Rex Mundi last week claimed to have breached the systems of Domino's operations in Belgium and France, and captured large amounts of customer data. Hours later, the group demanded the €30,000 from Domino's in exchange for not releasing the data.

The paste containing customer data has since been removed.

A Domino’s Australia spokesperson revealed the data in question involved names, email addresses and phone numbers. No financial records or bank account details were accessed as the company does not hold such data on file, the spokesperson said.

No Australian, New Zealand, Netherlands or Japanese customers were affected.

The hackers were able to access the data through a vulnerability in an old ordering site created in Europe, which is being transitioned to the new Australian-created platform over the next 18 months.

“We value customers’ privacy and we immediately took appropriate steps to close the vulnerability and are continuing to monitor the situation closely. The relevant teams are working closely with local police in relation to this matter,” a spokesperson said.

Domino's France has not indicated whether it will pay the ransom, but confirmed the data breach via Twitter.

The French arm of the global pizza delivery conglomerate said it uses encryption to protect commercial data, but in this case it did not help.

"The hackers we encountered are seasoned professionals and it is likely that they are able to decode the encrypted information, including passwords."

"We sincerely regret the situation and take the illegal access [of customer data] very seriously," it stated and advised customers to change their passwords.

But the hackers have claimed via Twitter that security provisions were not as strong as the company claims.

@dun4n The @dominos_pizzafr passwds are stored as unsalted MD5 hashes. Anyone can decrypt them either online or with CAIN.

— Rex Mundi (@RexMundi_Anon) June 14, 2014

Domino's online operations in France and Belgium are owned by ASX-listed Domino's Pizza Enterprises, which has been in the process of transferring its Australian-made iOS and Android apps to its European subsidiaries over the last 12 months.

None of the Australian-created digital platforms were affected, a local spokesperson said.

The system in question may also have been hacked earlier than June 13. A letter to customers purporting to be from Domino's European chief executive Andrew Rennie and published on a Belgian blog said the company suffered an attack on June 9 resulting in data being leaked.

Copyright © iTnews.com.au. All rights reserved.

