After more than two months of dealing with a security breach, famed pizza chain Domino’s admitted its systems had been breached by a hacker, according to an email sent to customers Tuesday night.
In the email, Jubilant Foodworks, the restaurant’s parent company, said the security incident happened on March 24. “We acted quickly to contain the loophole and hired an outside agency to do an impact assessment,” Domino’s wrote in the email, a copy of which was seen by Entrackr.
The acknowledgment comes just days after a searchable portal, allegedly including data from affected Domino customers, was set up where users can search for affected data of affected users by means of a telephone number. phone or e-mail address.
The leaked database includes details such as phone numbers, addresses and the number of orders placed with Domino’s.
This reporter’s order details were also present in the searchable portal and associated delivery location and the order details were accurate.
Domino’s has not confirmed whether the searchable portal includes data from its affected customers. We’ve reached out to Domino’s for more details and will update the story when they respond.
In its email, the company clarified that no data related to its customers’ financial information was compromised during the breach.
“Domino’s, as a policy, does not store users’ financial details such as full credit card number, CVV, passwords, etc. and therefore no such information has been compromised. “the company said in the email.
Paytm said Entrackr that customers’ payment details were not affected by the violation.
There were a few key things Domino’s did not specify in its email communication, including the number of people affected by the breach and the types of personal data that was affected by the breach.
however, according to For Rajshekhar Rajaharia, a security researcher based in Rajasthan, the hacked database included around 180 million customer order records.
In the email, Domino’s said it had lodged an official complaint with the relevant authorities and lodged a complaint with the cybercrime cell. The company also hired a global forensic agency to investigate the case, to try to identify the perpetrators of the attack.