Over the last 48 hours, the media has been buzzing about how pizza chain Domino’s India seems to have been the target of a serious cyber attack. According to Alon Gal, co-founder of Israeli cybercrime intelligence firm Under The Breach, the hackers have gained access to 13 TB of internal data from Domino’s India servers.
Domino’s Data Breach
According to the Israeli agency, this contains 180,000,000 order records, which include names, phone numbers, emails, addresses, payment information, and a whopping 1,000,000 credit cards. Employee information for over 250 Domino’s employees from various departments, including IT, regulatory, banking, communications, and operations, was also compromised.
Meanwhile, Domino’s India has denied that any of its customer data has been hacked in any way. The Company said in a press release, “Jubilant FoodWorks recently encountered an information security incident.” There was no access to either person’s financial records, and the event had no institutional or commercial consequences.
The well-known cyber-security expert Rajshekhar Rajaharia, who first warned users about a major data leak at payments company MobiKwik last month, partially corroborated Domino’s press statement when he tweeted, “Again Big Data Leak! Domino’s India 20 Crore Order Details, including 13 TB Results, Allegedly Leaked from #DominosIndia Server Data includes telephone number, email address, name, home address, and payment method.
Rajaharia is a well-known cyber-hacking expert in India… He claims to have informed the Indian government’s Computer Emergency Response Team (CERT-In) about the Domino’s data leak in March. Rajaharia said a data breach at MobiKwik in March 2021 compromised the data of 3.5 million customers, revealing know-your-customer records such as names, phone numbers, and email addresses, Adhar card and PAN cards. MobiKwik refused the violation. Interestingly, Rajaharia had a different perspective on the whole hacking incident. He has been quoted as saying, “It seems that the same Hacker who allegedly compromised #Mobikwik had access to #Domino beginning in February 2021.” On March 5, 2021, I notified CERT-IN of this. Later, Hacker offered domain access to a certain reseller. They are now working to launch a new search engine.”
To Domino’s my daughter is an occasional customer … maybe once a month, plus or minus. Their broad-brushing the entire security breach is kind of understandable. Till there is really a crisis, why create panic? So far much of what is being shoveled around in media has no concrete evidence, for or against. So a public denial, from Domino’s perspective is probably sufficient.
However, to Visa or Mastercard, the credit card’s issuers, and the bank she patronises, she is a nearly regular client with significant financial risk. The bond is more than just a pizza to them.
Shouldn’t Visa/Mastercard/the bank have messaged/called any of the 1 million consumers that may have been affected? Why avoid touch with such a crucial topic because banks and credit card providers will keep delivering all sorts of meaningless deals to consumers all the time? The response should have clearly said that we are in contact with Domino’s and that there is no reason for concern at this time.There has been no breach in financial records. What a relief it will be for all consumers simply to know that they are safe, that their money is safe, and that the bank is in complete charge of the situation.
Now, what about the possible leakage of personal information… name, location, phone number, password, and maybe more? Is it possible that making such information available may be harmful? Who can say? While it is not part of this Domino’s hack, there have been reports of leaks in other businesses where bank account data, Aaadhar card data, and PAN numbers have been leaked. How will these corporations be held accountable?
Is this Domino’s dilemma something we can ignore? Data breaches are getting more common… and frightening.In May 2019, the data of nearly 300 million Indian Truecaller users was leaked and made available for purchase on the dark web.
Amazon India experienced a technological glitch in 2019 that leaked the tax returns of some of its vendors to others… About 400,000 of the retailers had easy access to the tax returns of rival vendors.
Whatever the outcome of the Domino’s breach, I believe banks and service companies must become more attentive to consumer complaints. Trying to wish it away will succeed once in a while. Maybe twice. Although, God forbid, if and when the situation becomes extreme, the fallout would be impossible to manage.
Also Read: Social Media Is The New Help For Indian Crisis, Bitcoin Plunges 17% After Elon Musk Tweets On Tesla Not Accepting Cryptocurrency
