With the internet allowing communication and data transaction, commerce is made possible.
And in the era where people expect to be able to buy things from wherever they are, the trend benefits a lot of e-commerce businesses. And in the food industry, things are never better.
And pizza company Domino’s Pizza is just one among an increasing number of companies around the world that can conduct their businesses also through the internet.
Unfortunately for the American multinational pizza restaurant chain, it's company in India suffered a data breach back in April, which made its database of 180 million customers’ order records stolen.
The database includes data like the phone number being used by customers, the orders that have been placed, including the location, and email addresses.
And this time, the hackers are selling the 13 TB database, hoping to make some money.
The worst part of this alleged breach is that people are using this data to spy on people. Anybody can easily search any mobile number and can check a person's past locations with date and time. This seems like a real threat to our privacy. #InfoSec #GDPR #DataLeak pic.twitter.com/5G494xJSCf
— Rajshekhar Rajaharia (@rajaharia) May 22, 2021
The portal on on the dark web was first mentioned in one of the popular security forums, and was first noticed Rajshekhar Rajaharia, a researcher from India.
The portal also mentioned that the hackers not only plan to release data of Domino's customers, as they also have plans to release data related to payments and employees.
For its part, Jubilant Foods, the company which owns the Domino’s brand, denied that any financial information was breached in the hack that took place back in April. The company acknowledged and admitted to the hack, but said that customers' financial information remains safe.
The company said that the payment portion of Domino's customers’ data remains safe as they do not store financial details.
"Jubilant FoodWorks experienced an information security incident recently. No data pertaining to financial information of any person was accessed and the incident has not resulted in any operational or business impact. As a policy, we do not store financial details or credit card data of our customers, thus, no such information has been compromised. Our team of experts is investigating the matter and we have taken necessary actions to contain the incident,” said the company spokesperson.
However, according to tweets by Israel-based co-founder and Chief Technology Officer of cybercrime intelligence firm Hudson Rock, Alon Gal, the data that includes as many as 180 million order details, also includes 1 million credit card details.
Gal said that the database was up for sale on the dark web, with the threat actor asking for $550,000 for the data.
The threat actor is looking for around $550,000 for the database and saying they have plans to build a search portal to enable querying the data. pic.twitter.com/o2UuA7LWXJ
— Alon Gal (Under the Breach) (@UnderTheBreach) April 18, 2021
This breach at Domino's highlights how India is at this time, is still lacking the legal and operational remedies to deal with hacks.
India does not have a specific legislation to deal with user data breaches. As a matter of fact, the proposed Personal Data Protection Bill, is still pending since 2019.
Because of this, companies cannot be made liable.
This is why victims of hacks should be made aware of any data breach that involves them.
This is to ensure that they can protect themselves, and hope to prevent similar incident to happen in the future.