Domino's India Data Leak: 10 Lakh Credit Cards Information on Sale?
Domino's India, a successful pizza delivery chain, is said to have suffered a data breach involving internal company records dating back seven years, personal information belonging to over 250 employees, customer information from over 18 crore food orders, and over 10 lakh credit cards saved during checkout and payments.
Sourajeet Majumder discovered the violation and told Domino's India and Cert-In, among other authorities, about it.
Commenting on the situation, Domino's India has confirmed that no personal information of its customers has been compromised. The complete sentence is as follows:
Jubilant FoodWorks experienced an information security incident recently. No data pertaining to the financial information of any person was accessed and the incident has not resulted in any operational or business impact. As a policy we do not store financial details or credit card data of our customers, thus no such information has been compromised. Our team of experts is investigating the matter, and we have taken necessary actions to contain the incident.
The hackers want to sell all of the information to a single buyer. The hackers are after $550,000 (roughly Rs 4 crores) for the entire database, according to Alon Gal. The hackers also intend to create a search portal that will enable them to query the data.
Threat actor claiming to have hacked Domino's India (@dominos) and stealing 13TB worth of data.
— Alon Gal (Under the Breach) (@UnderTheBreach) April 18, 2021
Information includes 180,000,000 order details containing names, phone numbers, emails, addresses, payment details, and a whopping 1,000,000 credit cards. pic.twitter.com/1yefKim24A
Domino's India is owned by the food service company Jubilant Foodworks, which operates the Domino's Pizza franchise in India. There are 1,314 restaurants in 285 cities in the franchise's network.
Rajshekhar Rajaharia, an independent cybersecurity researcher, told IANS that he had alerted CERT-in (India's national cyber defence agency) on March 5 about the potential hack.
The threat actor is looking for around 0,000 for the database and saying they have plans to build a search portal to enable querying the data. pic.twitter.com/o2UuA7LWXJ
— Alon Gal (Under the Breach) (@UnderTheBreach) April 18, 2021
In the recent past, there have been a slew of hacking incidents involving Indian companies, including Bigbasket, BuyUcoin, JusPay, Upstox, and others.