Hackers who claim to have broken into the online databases of Domino’s Pizza customers have issued an ultimatum to the take-away company, demanding that it pay €30,000 (£23,900) or face the embarrassment of seeing personal details from over 600,000 customers posted online.
On Friday, a group of hackers going by the name Rex Mundi (a Latin phrase meaning King of the World) claimed they had “hacked their way” into the servers hosting a database belonging to Domino’s Pizza. The database stored information about Domino’s Pizza customers in France and Belgium.
“We downloaded over 592,000 customer records (including passwords) from French customers and over 58,000 records from Belgian ones. That’s over six hundred thousand records, which include the customers’ full names, addresses, phone numbers, email addresses, passwords and delivery instructions.”
The hackers go on to say they have emailed Domino’s Pizza to demand a ransom of €30,000 or else they will publish all the information online. The hackers have given Domino’s until 8pm CET to respond.
The group also publicised the breach through its Twitter account, claiming that while Domino’s Pizza had fixed one vulnerability in the database, others remained. The Twitter account appears to have been suspended on Monday morning.
Domino’s has acknowledged the attack but has said it will not be paying the ransom and that no financial data was stolen – actions which led Rex Mundi to suggest that customers affected by the breach could sue Domino’s if their personal details were leaked.
According to security company SafeNet, its Breach Level Index – which classifies the severity of a breach – puts the Domino’s breach at a severity rating of 7.7, making it a ‘severe’ data breach.
While there was no credit card or other financial data stolen in this breach, Jason Hart from SafeNet says it continues to highlight the need for companies to encrypt customer data – no matter what type of data it is:
“The latest breach continues to raise public awareness of the need for encryption – not just of financial data, but also wider customer information. The fact that financial information was not compromised minimises the severity of the breach. But given the increasing number of data breaches we’re seeing, it’s clear that companies need to start thinking about encrypting more than just financial data. If not they run the risk of losing customers to those competitors that do.”