Domino’s India Data Breach 2021
July 1, 2021
Domino’s is probably the largest pizza delivery company in India which is owned by Jubilant FoodWorks having almost 1400 branches all over India and 18,200 outlets all over the world.
On 16th April 2021, a co-founder of an Israel-based cyber crimes intelligence company found that some hackers had claimed in a post to have more than 13TB of data from Domino’s India which included internal files of 250 employees from IT, Legal, Finance, Marketing, Operations, data of 18 crore orders including order details (name, phone number, email, delivery address with precise latitudinal and longitudinal co-ordinates, credit card details, date and time of orders) from 2015 to 2021.
Hackers had demanded 10BTC, around $550,000 (approx. ₹4 crores) for this database. The hackers also mentioned that they were planning to build a search portal to enable querying the data.
Request a free consultation for your business
Don’t take your cyber security for granted!
Notably, the hackers were ready to pay $1000 to someone who could help them create the search engine. Since nobody responded to hackers’ demand, they put it up publicly on the dark web so that anyone can access it from a search portal. One only needs to enter the mobile number or email address on the search portal and all the information connected to it will be displayed. For now, the credit card details of the people have not been published online. But the hackers claim that they have more than 1 million credit card details and they’ll publicly publish it soon.
Although Domino’s India confirms the data breach but refuses the claim over the credit card details of customers that the hackers threatened to publish by saying, “No data pertaining to financial information of any person was accessed and the incident has not resulted in any operational or business impact. As a policy we do not store financial details or credit card data of our customers, thus no information has been compromised.” Who is to be trusted?
According to the sources, the data breach took place on 24th March 2021. The question of the hour is how does the data being published on the internet affects you? This data can be used to scam someone easily. Several scams are often seen that are termed as Phishing, Smishing, Vishing and e-mail scams where the fraudster uses the personal information to fool a user to gain the access over the bank accounts.
Now the question is what can be done to protect the data on individual basis? Following are the few steps which can be implemented to protect the data.
- Try to minimise online data.
- Try not to use same passwords on multiple websites. Use complex passwords (combination of alphabets, numbers and special characters) or use a password manager if possible. Change your passwords quarterly.
- Do not save the credit card details on payment gateways.
- Use two-factor authentication when possible.
- Use a VPN service to safeguard your location data.
To check if any of your personal data has leaked in any of the breaches, it is recommended to visit have I been pwned! , Where a user needs to input the email ID or phone number to check if any of the user’s data has been compromised earlier.
breach, Cyber attacks, cyber incident, Cybersecurity, data breach