The 13 terabytes of data leaked had phone numbers, emails, addresses, payment details, including 1 million credit card details, according to Twitter posts by Alon Gal, the Israel-based co-founder and Chief Technology Officer of cybercrime intelligence firm Hudson Rock. The data was up for sale for $550,000 on the dark web.
Two months after customer data of Domino’s Pizza was breached and days after the hackers made the data publicly searchable, parent company Jubilant FoodWorks informed customers that it experienced an “information security incident” on March 24. Similar to the statement issued by the company earlier, the communication to customers says that no financial information was compromised.
The first thing for companies to take charge when something happens, Gagan says, is that rather than sending an email to consumers to change their passwords, to reset every account in their database. This way, he says, customers will have to change their passwords.
The Domino’s Pizza data breach is just the latest in a long list of companies that have had data breaches in recent times. While it keeps happening repeatedly and puts more and more people at risk, there are no consequences for the company itself.
All public listed companies have an obligation to their shareholders. If there is a breach that can have a material impact on their shareholders, there should be regulations for them to report it to BSE and NSE,” he adds.
The worst part of this alleged breach is that people are using this data to spy on people. Anybody can easily search any mobile number and can check a person's past locations with date and time. The company has admitted to the data breach, but said customers' financial information remains safe.