This article was last updated 4 years ago

Domino's
Credits: WIkimedia Commons

Who doesn’t love pizza? Let’s face it, this Italian dish has become the favorite food for a lot of people around the globe. But what if the simple task of ordering a pizza online became a lot more dangerous? Seems impossible right? Well, check again.

The Indian arm of Domino’s Pizza, the popular multinational pizza chain restaurant, has supposedly become the latest victim of a data breach, with sensitive customer information being put on sale on the Dark Web. The information stolen is said to contain order details of nearly 18 crore orders, including names, phone numbers, and credit card details of nearly 10 lakh consumers, while the loss of 13TB (collected over the period of seven years) of internal data stolen by hackers include employee details of over 250 employees across verticals such as IT, Legal, Finance, Marketing, Operations, and others. This alleged leak was uncovered by Alon Gal, co-founder of Israeli cybercrime intelligence firm Hudson Rock, who tweeted about the data breach on Sunday.

According to Gal, the hackers have plans to build a search portal to enable querying of the data and are willing to sell the entire database for an amount of $550,000 (around ₹4 crores). While Domino’s India has neither confirmed nor denied the data breach, it will have rather serious ramifications. This means that anyone who has ever ordered pizza at Domino’s and paid with a credit card and supplied details like their email ID or phone numbers are at risk of having their identity stolen or being involved in cyber fraud.

Jubilant FoodWorks, Dominos’ parent firm, had experienced a cybersecurity breach in recent times, though no data had been stolen. “I had alerted CERT-in about a possible Domino’s Pizza India hack where the threat actor got data access with details like 200 million orders and personal data of the users too. The hacker, however, did not provide any sample,” said independent cybersecurity researcher Rajshekhar Rajaharia. Rajaharia had alerted people about the data breach at digital payments start-up MobiKwik last month.

During that breach, a company spokesperson for Dominos India had said “Jubilant FoodWorks experienced an information security incident recently. No data pertaining to the financial information of any person was accessed and the incident has not resulted in any operational or business impact. As a policy we do not store financial details or credit card data of our customers, thus no such information has been compromised. Our team of experts is investigating the matter and we have taken necessary actions to contain the incident.”

Cybersecurity issues and data breaches are growing common in India in recent times. Apart from Domino’s and MobiKwik, social media platforms Facebook and LinkedIn, digital supply chain platform Bizongo, India’s second-largest stockbroker Upstox, and Indian airline IndiGo were some of the more prominent names to have suffered from data breaches.