Domino's India data breach: Name, location, mobile number, email of 18 crore orders up for sale on dark web

A hacker has allegedly leaked customer data of Domino’s, a pizza restaurant chain, according to information shared by a cybersecurity expert. The company has acknowledged the data breach but said that customers’ financial information was not exposed because of it. As per the cybersecurity researcher Rajshekhar Rajaharia, people who have access to a portal developed by the hacker are using it to spy on customers by checking their location along with order date and time. Currently, the hacker has made all leaked data public. “Data of 18 crore orders of Domino’s India have become public. Hacker created a search engine on Dark Web. If you have ever ordered @dominos_india online, your data might be leaked. Data include Name, Email, Mobile, GPS Location etc,” Rajaharia tweeted.

The worst part of this alleged breach is that people are using this data to spy on people. Anybody can easily search any mobile number and can check a person's past locations with date and time. This seems like a real threat to our privacy. #InfoSec #GDPR #DataLeak pic.twitter.com/5G494xJSCf

— Rajshekhar Rajaharia (@rajaharia) May 22, 2021

How to check if your Domino’s India data has leaked

The website where this leaked data is available reads, “Payment details and employee files will be made public soon…”. On the same website, the **earlier leaked 13 TB data** is also searchable. To view if your data is available on the website, you will have to download the Tor Browser. Once done, simply visit this link and type your email ID or phone number to look for the data. (Also Read:  Bose discloses data breach following ransomware attack in March, says 'very small number' of individuals' data impacted ) [caption id=“attachment_9544811” align=“alignnone” width=“1280”] Jubilant FoodWorks, which owns Domino’s, said the company had recently experienced a security incident but no financial details of customers have been breached.[/caption] When contacted, Jubilant FoodWorks, which owns Domino’s, said the company had recently experienced a security incident but no financial details of customers have been breached. “Jubilant FoodWorks experienced an information security incident recently. No data pertaining to financial information of any person was accessed and the incident has not resulted in any operational or business impact. As a policy, we do not store financial details or credit card data of our customers, thus no such information has been compromised. Our team of experts is investigating the matter and we have taken necessary actions to contain the incident,” the company spokesperson said. Rajaharia said the hacker has created a search engine for the database which is being misused by people. “The worst part of this alleged breach is that people are using this data to spy on people. Anybody can easily search any mobile number and can check a person’s past locations with date and time. This seems like a real threat to our privacy,” Rajaharia said. As per a statement by Prakash Bell, Head of Customer Success and SE Lead, India & SAARC, Check Point Software Technologies, “Users need to educate themselves with data privacy practices and engage with vendors with only the right amount of information necessary. Restrict certain services to specific numbers/email-IDs, and where possible, enforce parental controls on children’s accounts and devices.” Dipesh Kaura, General Manager, Kaspersky (South Asia) gave a statement about the incident, “It is important for businesses to understand the factors that can cause a data breach in order to be fully prepared to prevent an incident, or mitigate the risks caused by it. Businesses who are a victim of a data breach today not only are responsible to protect their consumer’s data, but also prevent it from being misused by the cybercriminals as an aftermath of a data breach. Anyone can be at risk of a data breach — from individuals to high-level enterprises and governments. More importantly, anyone can put others at risk if they are not protected.” To recall, it was only **last month** that Dominos India had fallen prey to a cyber attack where hackers gained access to 13 TB worth of data, including 180,000,000 order details containing names, phone numbers, payment details, and a million credit card details. (With inputs from PTI)