Dominos India faced a cyberattack recently which exposed customer order details of over 18 crore orders. After the incident on March 24, many Dominos customers found their data leaked and publicly available to anyone who has their mobile number or email address. The information was available via a darknet URL that the attacker had created, which could be accessed from any smartphone or computer.
Dominos India brand owner Jubilant Foodworks has now claimed that it has informed its customers about the data breach. “Jubilant Foodworks experienced an information security incident on 24th March 2021 wherein our systems were attacked by a hacker,” the company said in an email to its customers, as per a report by Gadgets360. “We moved quickly to contain the breach and hired an external agency to do an impact assessment.”
Meanwhile, the darknet page that made the leaked data publicly available has been taken down and can no longer be reached. Some users have also shared a copy of the email on Twitter.
“No financial data leaked”
The company also claims that no financial data was leaked in the incident. “Domino’s, as a policy, does not store financial details of users such as complete credit card number, CVV, passwords etc. and therefore, no such information was compromised,” the company said.
However, while data on the mode of payments was not leaked, specific amounts for certain orders as well as the total number of orders and total aggregate amount spent on ordering from Dominos was among the information that was leaked. Other data that was leaked for many users included their order address along with latitude and longitude coordinates, in addition to their names, email addresses and order particulars like date, time and bill amount.
The Dominos India breach was first spotted by security researcher Rajshekhar Rajaharia on Twitter after the attackers created the darknet search engine that made the data publicly available.