After more than two months of facing a security breach, the popular pizza restaurant chain Domino’s acknowledged that its systems were breached by a hacker, according to an email it sent to customers on Tuesday evening.
In the email, Jubilant Foodworks, the restaurant’s parent company, said that the security incident happened on March 24. “We moved quickly to contain the breach and hired an external agency to do an impact assessment,” Domino’s wrote in the email, a copy of which has been seen by Entrackr.
The acknowledgement comes just days after a searchable portal, allegedly including data of impacted Domino’s customers, was put up where users could look up for the impacted data of affected users by means of a phone number or email address.
The leaked database includes details like users’ phone numbers, addresses and the amount of orders they have placed with Domino’s.
This reporter’s order details were also present in the searchable portal and the associated delivery location and order details were accurate.
Domino’s hasn’t confirmed whether the searchable portal included data of its impacted customers. We have reached out to Domino’s for more details and will update the story when they respond.
In its email, the company did clarify that no data related to its customers’ financial information was compromised in the breach.
“Domino’s, as a policy, does not store financial details of users such as complete credit card number, CVV, passwords etc. and therefore, no such information was compromised,” the company said in the email.
According to Domino’s’ terms of service, Paytm is the company’s payments provider and “customer saved card[s] details on Dominos India Application, Progressive Web Applications or Desktop, is always saved by Paytm (except CVV number) and not by JFL [Jubilant Foodworks].”
Paytm told Entrackr that customers’ payment details were not impacted in the breach.
There were a few key things that Domino’s did not specify in its email communication, including the number of people impacted by the breach, and the types of personal details that were affected in the breach.
However, according to Rajasthan-based security researcher Rajshekhar Rajaharia, the breached database included around 180 million customers’ order records.
In the email, Domino’s said that it has lodged a formal complaint with the relevant authorities and also filed a complaint with the cyber crimes cell. The company has also hired a global forensic agency to investigate the matter, to try and identify the perpetrators behind the attack.