Hackers blackmail Domino’s Pizza with threat to release data

Personal data stolen including email addresses, phone numbers, passwords stolen

Hackers have demanded a ransom of €30,000 from Domino’s Pizza after stealing personal data on more than 600,000 of its French and Belgian customers. Photo: Reuters
Hackers have demanded a ransom of €30,000 from Domino’s Pizza after stealing personal data on more than 600,000 of its French and Belgian customers. Photo: Reuters

Hackers have demanded a ransom of €30,000 from Domino’s Pizza after stealing personal data on more than 600,000 of its French and Belgian customers.

The data was allegedly stolen during a break-in last week, acknowledged by Dominoos France, which saw 592,000 French and 58,000 Belgian customer records exposed.

“The data hacking is isolated to the Domino’s franchise in France and Belgium, and no customer credit card or financial information was compromised,” said a Domino’s Pizza Group spokesperson said in a statement.

“Domino’s customers in the UK and Republic of Ireland are not affected by this incident. The security of customer information is very important to us. We regularly test our UK website for penetration as part of the ongoing rigorous checks and continual routine maintenance of our online operations.’’

READ MORE

A posting by the hackers on text-hosting site Pastebin claims that the stolen data includes customers’ full names, addresses, phone numbers, email addresses, passwords, delivery instructions and even favourite pizza toppings.

“Domino’s Pizza uses an encryption system for data. However, we suffered a hack by seasoned professionals and it is likely that they could decode the encryption system including passwords,” admitted the official Twitter account for Domino’s France.

‘’This is why we recommend that you change your password for security reasons. We strongly regret this situation and take illegal access very seriously.”

The hackers, a group calling themselves Rex Mundi, posted a sample of the stolen user data along with a demand for €30,000 to not publish the full set.

‘’If you’re a @dominos_pizzafr customer, u may want to know that we have offered Domino’s not to publish your data in exchange for €30,000,’’ Rex Mundi posted on Twitter before its account was suspended.

Domino’s Netherlands spokesperson Andre ten Wolde said the company would not be paying the ransom and that financial data had not been stolen.

A Domino’s UK spokesperson said that Domino’s France and Belgium are not part of the same franchise group as Domino’s Pizza in the UK, which is operated by Domino’s Pizza Enterprises, which holds the “master franchise’’ for Domino’s Pizza in Australia, New Zealand, France, Belgium, the Netherlands and Monaco.

It is currently unknown whether user data from Australia, New Zealand, the Netherlands and Monaco was also compromised.

Domino’s Pizza Group owns and operates the Domino’s Pizza franchises in the UK and Ireland as well as Germany, Switzerland, Liechtenstein and Luxembourg.

Guardian News & Media