Domino’s India 13 TB data breach allegedly exposes employee, customer information

Domino’s India 13 TB data breach allegedly exposes employee, customer information
Photo Credit: Reuters
20 Apr, 2021

A threat actor has claimed to have put 13 TB worth leaked data allegedly from Domino’s India for sale on the dark web, tweeted Alon Gal, the Israel-based co-founder and chief technology officer of cybercrime intelligence firm Hudson Rock.  

Gal said that the data up for grabs on the dark web include about 180 million order details with over 1 million credit card details. The data reportedly also contains sensitive information such as names, phone numbers, e-mail ids and addresses.  

The threat actor is asking $550,000 against the stolen data and claims he’s also building a search portal to enable data search, Gal added.  

A Jubilant FoodWorks' spokesperson said that the company did indeed have an information security incident in the recent past, however no data loss pertaining to financial information was observed.

"As a policy we do not store financial details or credit card data of our customers, thus no such information has been compromised. Our team of experts is investigating the matter and we have taken necessary actions to contain the incident. Also, would like to categorically state that the news about financial data being leaked is totally incorrect, also as per leading cyber security researchers there is no financial data visible on the dark web," the spokesperson said.  

Rajshekhar Rajaharia, a cybersecurity researcher, said he had alerted India's cyber incident arm of the government Computer Emergency Response Team (CERT-In) about the Domino’s data leak in March. 

“Again big data leak! 200 million order details, including 13 TB data of Domino's India, allegedly leaked from Domino’s India server. The data Includes mobile numbers, email IDs, names, home address, payment types, and social login tokens. It seems the financial data is not there,” he tweeted on Monday. 

Considering the data breaches affecting Indian startups and payments processors, the Reserve Bank of India (RBI) issued new guidelines in February, which stated that payment aggregators and gateways would not be allowed to store the card details of a customer online.   

With this incident, Domino’s joins the list of other internet companies who have faced similar data leaks in recent times.  

Last week, online marketplace for B2B packaging needs Bizongo, confirmed a data breach and said that the company immediately addressed the issue which involved AWS Simple Storage Services (S3), a widely used cloud storage provider for online businesses. 

Around the same time, online stockbroking platform Upstox too acknowledged a data breach that potentially exposed an estimated 2.5 million users’ contact information and KYC details.  

Earlier this year, Bengaluru-based JusPay Technologies, which provides mobile checkout and payment processing solutions, confirmed being hit by a data breach.