Cyber attackers have demanded a ransom of €30,000 from Domino’s Pizza after stealing personal data on over 600,000 of the pizza chain’s French and Belgian customers. The personal details were allegedly stolen last week, and Domino’s France admitted that 592,000 French and 58,000 Belgian customer records were exposed in the hack.
The hackers left a message on the text-hosting service Pastebin, saying that they have all customers’ names, addresses, phone numbers, emails and passwords. Domino’s France admitted that although it does use an encryption system for this information, the company was hacked by seasoned professionals who could decode the encrypted data, including passwords. Domino’s Pizza recommended that all customers change their passwords for security reasons.
In the meantime, the hackers decided they would rather have money than a list of the customers’ favorite toppings. A group called Rex Mundi demanded €30,000 to not publish the data online.
Domino’s Netherlands responded that it would not be paying the ransom, because no financial data had been stolen. It is also known that Domino’s France and Belgium are not part of the same franchise group as Domino’s Pizza in the United Kingdom, which holds the master franchise in Australia, New Zealand, France, Belgium, the Netherlands and Monaco. However, it is unclear whether details of users from Australia, New Zealand, the Netherlands and Monaco were compromised as well.
The data was stolen from the Domino’s franchise in France and Belgium, and even there no credit card or financial data of the customers was compromised. Security experts point out that it is just another example of how customer information, if not properly secured, can fall into the wrong hands. In this case, it is good that financial data was stored separately, but the theft of personal information is never good news.
This was not the first time that Rex Mundi tried to extort money from multinational corporations by stealing users’ private details. Two years ago, the hacking ring stole and published online loan-applicant details from customers of AmeriCash Advance.
A number of other online services, including Feedly and Evernote, have recently been targeted for extortion. In those cases, the hackers normally demand money from the service in exchange for not taking it offline with DDoS attacks.