Data breach in India: Jubilant Foodworks, which is the owner of fast-food chain Domino’s, has informed its customers in India that a data breach incident on March 24 had leaked its customer data. The data that was leaked included mobile numbers, email addresses and other personal details of the customers, the company said. While the company had confirmed the data breach to media back in April, it has now sent an email to its customers a few days after the hackers used the dark Web and created a search engine that would allow anyone to look at the details of customers of Domino’s India by using their email IDs or phone numbers.
In the email statement, Jubilant Foodworks told its customers that hackers had attacked its systems in March, after which it rapidly moved to “contain the breach”, hiring an external agency to carry out an impact assessment.
Also read | Most Indian firms witness data breach in past 1 year: Survey
The company has not disclosed any details about the exact data that was compromised during the attack, but it has reiterated that its customers’ financial information was safe and not breached. It stated that Domino’s as a company has a policy to not store any financial details like complete card numbers, passwords or CVVs, among others, which is why such data was not leaked.
A formal complaint with Cyber Crimes cell and relevant authorities has been filed, while a global forensic agency is looking into the security issue, Jubilant Foodworks said, adding that it was also trying to identify the hackers who attacked its system.
While the breach took place in March, hackers initially put the details for sale in April, after which the company confirmed the breach to the media. But the customers are formally being informed now only after a search engine has been created with this data. The existence of the search engine was first shared by security researcher Rajshekhar Rajaharia. Apart from phone numbers and email addresses, the data also contains the latitudinal and longitudinal positions of the customers, and hackers have claimed that the data of 1.8 crore Indian customers is available on the search engine.
Moreover, even as the company has asserted that there was no breach of financial details, hackers have stated on the search engine that the payment details as well as employee files would also be made public soon.
The data breach has only affected Domino’s India managed by Jubilant Foodworks and the data collected directly by the American restaurant chain Domino’s Pizza has remained unaffected. Moreover, while Jubilant Foodworks also manages the brand in neighbouring countries of Nepal, Sri Lanka and Bangladesh, it seems that the breach is only limited to the customer base in India.
