Domino’s India Data Allegedly Breached by Hacker Selling It on the Dark Web

Domino's India data that included sensitive customer information such as their names, phone numbers, and credit card details has allegedly been breached and put on sale on the dark Web. According to the person selling the data, it includes details of about 18 crore orders received by the pizza chain. Allegedly, Domino's India data was taken earlier in April and this included not only customer information but also its internal files that included details about the company's 250 employees, amounting to 13TB. However, this information has not been confirmed yet.

Alon Gal, CTO of cybersecurity firm Hudson Rock, tweeted about the Domino's India breach on Sunday. The executive said that the hacker was selling the data for around 10 BTC (roughly Rs. 4.25 crores or $569,000 at current market rates.

The information that was allegedly hacked is claimed to include the details of 10 lakh credit cards. It is also said to have order details of 18 crore orders. Those included customer names, phone numbers, email IDs, addresses, and payment details. The breach is claimed to also include Domino's India's internal files that were generated between 2015 and 2021, according to the screenshots shared by the cyber security executive.

According to the messages posted on the dark Web, the hacker is planning to build a search portal that will enable querying of the leaked data.

Gadgets 360 reached out to Domino's India for a comment on the reported details and a company spokesperson provided the following statement.

Jubilant FoodWorks experienced an information security incident recently. No data pertaining to financial information of any person was accessed and the incident has not resulted in any operational or business impact.  As a policy we do not store financial details or credit card data of our customers, thus no such information has been compromised.

Our team of experts is investigating the matter and we have taken necessary actions to contain the incident.

• Telangana Government Exposed Sensitive Data of Its Employees, Pensioners

Domino's India is owned by foodservice company Jubilant Foodworks that operates the franchise of American pizza restaurant chain Domino's Pizza. The franchise has a network of 1,314 restaurants in 285 cities. In addition to India, Jubilant Foodworks operates the Domino's Pizza brand in Bangladesh, Nepal, and Sri Lanka. It is, however, unclear whether the breach included the data of customers in the other three countries.

Cybersecurity issues have of late grown quite significantly in India. Late last month, a hackers group allegedly leaked sensitive data of millions of MobiKwik users on the dark Web, although in that instance, the company denied the leak and said that it covered only dummy data. IndiGo also reported in January that its servers were hacked in December.

Aside from breaches and hacks, many companies in the country also exposed their user data due to vulnerabilities. Supply chain automation platform Bizongo was last week reported to have had server misconfigurations that exposed its 2.5 million internal files and data belonging to its clients. Ticketing portal Railyatri also suffered from a security flaw that could have exposed payment details of over seven lakh train passengers.

Editor's note: This copy was updated to include the response from Domino's India.

Is OnePlus 9R old wine in a new bottle — or something more? We discussed this on Orbital, the Gadgets 360 podcast. Later (starting at 23:00), we talk about the new OnePlus Watch. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, and wherever you get your podcasts.