Pizza giant Domino's Australia has indicated an unnamed online ratings system was likely the source of a data leak that has seen its customers bombarded with spam emails over the past few weeks.
The leaked customer data has been used to give an appearance of legitimacy to the phishing emails, which include the customer's first name and the suburb in which they have ordered pizza in an attempt to provoke a response.
Domino's has attributed the data breach to a supplier but has declined to name the company involved.
However, in an update late yesterday CEO Don Meij said the company had matched the data accessed by the spammers to an unnamed online ratings system.
“This is the type of information that is contained in an online rating system managed by a former supplier, which suggests this may have been the source of the information. We are continuing to investigate this,” Meij said in a statement.
“We understand that receiving an unknown email from a third party asking these details in this manner can be confronting and we share your concern about this.”
Domino's earlier said it had ended its agreement with this supplier in July.
The pizza giant had an arrangement with credit agency Equifax for marketing services, and Equifax's recent large-scale breach led to speculation the company was behind the Domino's leak. However, Equifax told iTnews it had no involvement in the incident.
Domino's maintains no "unauthorised access" to its systems has taken place and that no customer financial information was compromised.
It has declined to state how many customers were impacted by the breach.