Domino’s Pizza has become one of the latest firms to fall victim to hackers, as they admit data
regarding over 600,000 customers had been stolen from their servers.
Topping the recent attack on RSS firm Feedly where hackers demanded ransom to end
distributed denial of service (DDoS) attacks, hackers attacked Dominos France and Belgium
demanding €30,000 to prevent the public disclosure of users’ personal information.
Notorious hacker outfit @RexMundi_Anon claimed responsibility for the attack via its Twitter
account, which has now been suspended. The group stated “Earlier this week, we hacked our
way into the servers of Domino’s Pizza France and Belgium, who happen to share the same
vulnerable database. And boy, did we find some juicy stuff in there! We downloaded over
592,000 customer records (including passwords) from French customers and over 58,000 records
from Belgian ones”
“That’s over six hundred thousand records, which include the customers’ full names, addresses,
phone numbers, email addresses, passwords, and delivery instructions. (Oh, and their favorite
pizza topping as well, because why not).”
The hackers’ later added, “If Domino’s Pizza doesn’t pay us (on Monday) and we publish your
data, you have the right to sue them”.
The group also stated that it would release the user’s personal information at 7pm UK time if the
ransom was not paid.
However, come 7pm the hackers failed to release the data, and at the time of this publication, no
customer details have been leaked. It’s unclear whether Domino’s Pizza met the hackers’ ransom
request, but we have been in touch for further information.
UK Domino’s users will be pleased to hear that their details are safe, with a spokesperson saying,
“The data hacking is isolated to the Domino’s franchise in France and Belgium, and no customer
credit card or financial information was compromised”.
“Domino’s customers in the UK and Republic of Ireland are not affected by this incident. The
security of customer information is very important to us. We regularly test our UK website for
penetration as part of the ongoing rigorous checks and continual routine maintenance of our
David Emm, senior security researcher at Kaspersky, blasted the breach as yet another example
of customer data not being properly secured. He said, “Once again we have an example of how
customer data, if not adequately secured, can fall into the wrong hands”.
“While it’s important to try and keep out intruders, it’s equally important that organizations
secure data that’s behind their perimeter defenses so that, if those defenses are breached, an
attacker isn’t able to obtain confidential data that can be used to compromise the online identities
of its customers” “The fact that credit card details and other financial data weren’t stolen in this case is good, but
the theft of personal information is bad news for customers too. This is especially true of
passwords since, sadly, many people use the same passwords for many of (or all) their online
Domino’s has recommended that users change their passwords as soon as possible. No further
statements have been made by the hacker group Rex Mundi.