After an Israeli cyber expert had claimed Domino’s India data hacked on microblogging site Twitter last month. Now an Indian cybersecurity expert has revealed that 18 crore orders data of Domino’s customers are now public and up for sale on dark web.
This time around these hackers have made the stolen Domino’s India data sort of public via a search engine on dark web, according to Indian cybersecurity security expert Rajshekhar Rajaharia.
“Again!! Data of 18 Crore orders of #Domino’s India have become public. Hacker created a search engine on Dark Web. If you have ever ordered @dominos_india online, your data might be leaked. Data include Name, Email, Mobile, GPS Location etc. #InfoSec #GDPR #DataLeak @fs0c131y,” tweeted Rajshekhar Rajaharia on May 21, 2021.
Since the hackers have made the stolen Domino’s India data public via a search engine it is allowing others to easily search and check those data in more details.
“The worst part of this alleged breach is that people are using this data to spy on people. Anybody can easily search any mobile number and can check a person’s past locations with date and time. This seems like a real threat to our privacy. #InfoSec #GDPR #DataLeak,” tweeted Rajaharia.
This further has raised several questions on the infosecurity mechanism of Domino’s India which is run and managed by Jubilant Foodworks. However, the company has denied claims of any data breach pertaining to financial information.
“Jubilant FoodWorks experienced an information security incident recently. No data pertaining to the financial information of any person was accessed and the incident has not resulted in any operational or business impact. As a policy we do not store not store financial details or credit card data of our customers, thus no such information has been compromised,” the company said in a statement.
Given the criticality of data breach, cybersecurity experts have advised organisations to invest more in cybersecurity solutions and practices.
“Organisations handling end-user data should be investing more in cybersecurity solutions and practices that will enhance their security posture. In today’s digitalized world, protecting end-customer information is vital,” said Prakash Bell, Head of Customer Success and SE Lead, India and SAARC, Check Point Software Technologies.
“Implementing technology solutions such as ZTNA, DLP, XDR and security posture management is key. Complementing these with employee education around data handling, vigilance, tight security controls, processes and audits would help creating the desired culture,” added Bell.
However, Bell further emphasized that in case of a breach, organisations should be transparent. “They should reach out to affected users directly, share the impact scope of the breach, what actions end users need to take to address the breach impact and what measures the organization has taken/is taking to address current and future incidents,” he explained.
“Besides instilling confidence in their end customers for continued business engagement, it would also help restore the damaged trust,” added Bell.
However, in the case of Domino’s India data hack incident, the company appears to be not doing anything such and continues to deny claims of data breach so far.