Hackers demand €30,000 ransom from Domino's Pizza after break-in

17 Jun 2014

Hackers have demanded €30,000 ransom from Domino's Pizza after stealing personal data of over 600,000 of its French and Belgian customers.

The break-in, last week, acknowledged by Domino's France, exposed the data of 592,000 French and 58,000 Belgian customers.

According to a posting by the hackers on text-hosting site Pastebin, the stolen data included the full names of customers, their addresses, phone numbers, email addresses, passwords, delivery instructions and even favourite pizza toppings.

"Domino's Pizza uses an encryption system for data. However, we suffered a hack by seasoned professionals and it is likely that they could decode the encryption system including passwords," admitted the official Twitter account for Domino's France.

''This is why we recommend that you change your password for security reasons. We strongly regret this situation and take illegal access very seriously."

The hackers, going by the name Rex Mundi, posted a sample of the stolen user data along with a demand for €30,000 to not publish the full set.

''If you're a @dominos_pizzafr customer, u may want to know that we have offered Domino's not to publish your data in exchange for €30,000,'' Rex Mundi posted on Twitter before its account was suspended.

According to reports, Domino's was refusing to pay the ransom, with the head of Domino's Netherlands Andre Ten Wolde telling local newspaper De Standaard that the company would not be paying the ransom and assuring customers that no financial information was included in the stolen data.

Domino's France had meanwhile recommended that users change their passwords, SC Magazine reported.

The group tweeted in response yesterday:''@dominos_pizzafrcustomer, u may want to know that we have offered Domino's not to publish your data in exchange for 30,000EUR.

''PSA: If @dominos_pizzafr doesn't pay us tomorrow and we publish your data, u have the right to sue them. Speak to yr lawyer!

-     Rex Mundi (@RexMundi_Anon) June 15, 2014

According to Bob Tarzey, an analyst and director IT business and analysis house Quocirca who spoke to SCMagazineUK.com, not  giving in to ransom was the right thing as, once you started doing it you were encouraging others to do so. 

He added, businesses needed to take a collective stand, working with government and industry bodies to frustrate data thieves.