Domino's Pizza blackmailed over mass data leak


Updated: Over 600,000 customer records captured.

Fast food giant Domino’s Pizza has been held to ransom for €30,000 (A$43,500) after hackers stole over 600,000 customer details from a legacy platform used by the company’s European operations.

A group named Rex Mundi last week claimed to have breached the systems of Domino's operations in Belgium and France, and captured large amounts of customer data. Hours later, the group demanded the €30,000 from Domino's in exchange for not releasing the data.

The paste containing customer data has since been removed.

A Domino’s Australia spokesperson revealed the data in question involved names, email addresses and phone numbers. No financial records or bank account details were accessed as the company does not hold such data on file, the spokesperson said.

No Australian, New Zealand, Netherlands or Japanese customers were affected.

The hackers were able to access the data through a vulnerability in an old ordering site created in Europe, which is being transitioned to the new Australian-created platform over the next 18 months.

“We value customers’ privacy and we immediately took appropriate steps to close the vulnerability and are continuing to monitor the situation closely. The relevant teams are working closely with local police in relation to this matter,” a spokesperson said.

Domino's France has not indicated whether it will pay the ransom, but confirmed the data breach via Twitter.

The French arm of the global pizza delivery conglomerate said it uses encryption to protect commercial data, but in this case it did not help.

"The hackers we encountered are seasoned professionals and it is likely that they are able to decode the encrypted information, including passwords."

"We sincerely regret the situation and take the illegal access [of customer data] very seriously," it stated and advised customers to change their passwords.

But the hackers have claimed via Twitter that security provisions were not as strong as the company claims.

@dun4n The @dominos_pizzafr passwds are stored as unsalted MD5 hashes. Anyone can decrypt them either online or with CAIN.

— Rex Mundi (@RexMundi_Anon) June 14, 2014
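Why the unsalted MD5 storage described in the tweet above gives so little protection, and how a site can migrate off it at login time. This is an added example, not code from iTnews, Domino's or anyone quoted; it assumes PBKDF2-HMAC-SHA256 as the replacement scheme, and the user names, passwords, record format and function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 600_000                        # assumed PBKDF2 work factor
LEGACY_MD5 = re.compile(r"^[0-9a-f]{32}$")  # bare hex digest, no salt field


def legacy_md5(password: str) -> str:
    """Weak scheme: unsalted MD5, so equal passwords give equal hashes."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str) -> str:
    """Hardened scheme: per-user random salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(password: str, stored: str) -> tuple[bool, str]:
    """Return (ok, record_to_store); legacy records are upgraded on a good login."""
    if LEGACY_MD5.match(stored):
        ok = hmac.compare_digest(legacy_md5(password), stored)
        return ok, (hash_password(password) if ok else stored)
    _, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex), stored


def shared_hash_groups(table: dict[str, str]) -> list[list[str]]:
    """Audit check: users with identical stored hashes indicate unsalted hashing."""
    groups: dict[str, list[str]] = {}
    for user, digest in table.items():
        groups.setdefault(digest, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


# Constructed sample table in the legacy format (not real data).
LEGACY_TABLE = {
    "alice": legacy_md5("margherita"),
    "bob": legacy_md5("quattro-formaggi"),
    "carol": legacy_md5("margherita"),
}
```

Records upgraded by `verify` carry their own salt and iteration count, so the work factor can be raised later without another forced reset.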

Domino's online operations in France and Belgium are owned by ASX-listed Domino's Pizza Enterprises, which has been in the process of transferring its Australian-made iOS and Android apps to its European subsidiaries over the last 12 months.

None of the Australian-created digital platforms were affected, a local spokesperson said.

The system in question may also have been hacked earlier than June 13. A letter to customers purporting to be from Domino's European chief executive Andrew Rennie and published on a Belgian blog said the company suffered an attack on June 9 resulting in data being leaked.

Copyright © iTnews.com.au. All rights reserved.