Photo Credit: YouTube/ Domino's Pizza India
Domino's India brand owner Jubilant Foodworks has informed its customers about the data breach incident that took place on March 24 and leaked its customer data, including their personal details such as mailing addresses and mobile numbers, among others. The latest development comes just days after hackers created a search engine on the dark Web to let anyone look at the customer details of Domino's India by using their phone numbers or email addresses. The company initially confirmed its data breach to the media in April.
“Jubilant Foodworks experienced an information security incident on 24th March, 2021 wherein our systems were attacked by a hacker,” the company said in an email to its customers. “We moved quickly to contain the breach and hired an external agency to do an impact assessment.”
Although Jubilant Foodworks did not provide any details about which data was exactly breached, it reiterated that no data pertaining to financial information of any customers was compromised.
“Domino's, as a policy, does not store financial details of users such as complete credit card number, CVV, passwords etc. and therefore, no such information was compromised,” the company said.
It added that it had logged a formal complaint “with the relevant authorities and also filed a complaint with the Cyber Crimes cell” as well as “hired a global forensic agency” to look into the security issue. The company is also aiming to identify the hackers.
The breach took place in March and was confirmed by Jubilant Foodworks in April — after it was put on sale on the dark Web. However, it ultimately informed customers after the hackers created the search engine with the data that was earlier available for purchase. The search engine, that was initially reported by security researcher Rajshekhar Rajaharia on Twitter, is available on the dark Web and provides details such as mailing addresses, mobile numbers, and longitude and latitude of customers. The hackers claimed that the search engine included data of 180 million Domino's India customers.
While Jubilant Foodworks said that no financial data had been breached, the hackers mentioned on the search engine that they would make payment details and employee files public soon.
It is important to point out that data breach is limited to Domino's India that is owned by Noida-based foodservice company Jubilant Foodworks. This means that it doesn't contain the data being captured directly by American pizza restaurant chain Domino's Pizza. Jubilant Foodworks also operates the Domino's Pizza brand in Bangladesh, Nepal, and Sri Lanka. However, the data breach appears to be limited to its Indian customer base.