An Israeli cyber-crime expert alleges that data of Domino's India customers, including over 1 million credit card details, is on sale in the dark web.
- Hackers reportedly have access to Domino’s India 13TB of internal data.
- Employee details, order, and credit card details of customers have likely been compromised.
- The hackers are aiming to sell the entire database for $550,000.
Popular pizza outlet Domino’s India seems to have fallen victim to a cyber attack. According to Alon Gal co-founder of an Israeli cybercrime intelligence, the hackers have access to Domino’s India 13TB of internal data which includes employee details of over 250 employees across verticals such as IT, Legal, Finance, Marketing, Operations, etc.
Update: Domino’s India has said that it’s user data has not been compromised. Here is the full statement: Jubilant FoodWorks experienced an information security incident recently. No data pertaining to financial information of any person was accessed and the incident has not resulted in any operational or business impact. As a policy we do not store financial details or credit card data of our customers, thus no such information has been compromised.
Our team of experts is investigating the matter, and we have taken necessary actions to contain the incident.
The hackers claim to have got all customer details and 18 crore order details which include customer's names, phone numbers, email IDs, delivery address, payment details including more than 10 lakh credit card details used to purchase on Domino’s India app.
Further, the hackers are aiming to sell the entire data to a single buyer. According to Alon Gal, the hackers are looking for $550,000 (around Rs 4 crores) for the entire database. The hackers also have plans to build a search portal to enable querying the data.
The sale is apparently happening in the dark web and likely on a website frequented by cyber scammers. For now, Domino's India has neither confirmed nor denied that data of its consumers has been stolen or leaked from its servers.
If accurate, the data of Domino's India customers in public puts anyone who has ordered pizza at Domino's and has supplied details like credit card, emails ID or phone numbers at a risk of identity theft and cyber fraud.
It is especially worrying as India has been a victim of several large-scale cyber breaches lately. According to Computer Emergency Response Team (CERT-IN) data, during the Covid-19 pandemic cyber attacks on India grew by nearly 300% last year, growing to 11,58,208 in 2020 compared to 3,94,499 in 2019.
Last month, the Union transport ministry received an alert from the CERT-IN regarding “targeted intrusion activities” directed towards the country’s transport sector with “possible malicious intentions”. This came after a slew of cybersecurity attacks on the Indian government and private sector portals over the past few months.
According to a survey conducted by Sophos Survey titled The Future of Cybersecurity in the Asia Pacific and Japan, about 52 per cent of domestic Indian companies said they fell victim to a cyber attack in the last 12 months. Of these successful breaches, 71 percent of organisations admitted it was a serious or very serious attack, and 65 percent said it took longer than a week to remediate
Cybersecurity experts predict that artificial intelligence and machine learning-driven malware along with state-sponsored cyber attacks will be the most serious threats to business's cybersecurity over the next few years.