Hackers have struck French and Belgian sites of Domino’s Pizza and siphoned off data of 650,000 customers and have given the company till 7:00 pm today to pay a ransom of €30,000 (about £24,000) or suffer consequences of data disclosure.
“Earlier this week, we hacked our way into the servers of Domino’s Pizza France and Belgium, who happen to share the same vulnerable database”, explained the hacker group going by the name Rex Mundi in a Dpaste.de post (which has since been taken down).
“And boy, did we find some juicy stuff in there! We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones.”
Domino’s spokesman Chris Brandon has confirmed the hack; however, he denied any knowledge about whether the passwords were encrypted or not. Brandon also revealed that he isn’t aware of any ransom demands, but said that if such a demand has been made the company won’t be paying hackers.
“Domino’s Pizza has until Monday at 8PM CET to pay us. If they do not do so, we will post the entirety of the data in our possession on the internet,” the hackers have said.
Domino’s France has however confirmed that they had an encryption system in place, but chances are that hackers may be able to decode their encryption system.
“Domino’s Pizza uses an encryption system for data. However, we suffered a hack by seasoned professionals and it is likely that they could decode the encryption system including passwords,” a tweet from Domino’s France official Twitter account read.
Domino’s VP of communications Tim McIntyre has said that the hacking incident was an isolated to independent franchise markets in Belgium and France and that no financial data has been taken by hackers.
“This does not affect any market outside of France and Belgium,” McIntyre said in an emailed statement to Reuters. “The site has been secured.”
