One month after the attack, Domino’s India has disclosed a data breach. The company admitted that a threat actor hacked its systems and sold stolen data on a hacking forum.
The initial attack took place on March 24. In April 2021, a user on a hacking forum has put up for sale data from 180 million orders and 1 million credit cards, from Domino’s India, as they claimed. The total amount of stolen data was allegedly 13 TB. The price for it was approximately 10 BTC (~$380,000 today) and shared samples of the database structure with the stolen data.
Then in May, the same threat actors launched a dark web search website that people can use to see if their information is in the leak database by entering their phone numbers or email addresses.
Domino’s India says its representatives have used the search engine and confirmed it contained the company’s orders and other personal information.
Today, Domino’s India has finally disclosed the data breach in a short email to customers, this is over a month after it was first detected.
Jubilant Networks, the franchise that owns Domino’s Pizza in India, announced that the company was hacked on March 24th, 2021. However, the company disproved the fact that the threat actor has stolen 1 million credit cards because Domino’s India does not store any financial details of its customers.
The database, however, does contain customers’ mobile numbers, names, email addresses, and GPS coordinates. Threat actors can use this information to carry out additional attacks, phishing scams, and SMS messaging scams, and steal more sensitive data from the impacted individuals.